
Privacy and Security

We’re invested in protecting your enterprise activity, data and account information

PCI DSS COMPLIANCE

Protecting payment card information

To protect our systems from breaches and cardholder data theft, our marketplace and gifting platform are PCI DSS (Payment Card Industry Data Security Standard) compliant. 

We regularly monitor and test our networks, maintain and enforce internal information security policies, engage third-party auditors, and use ethical hackers (penetration testers) to simulate cyber attacks and identify vulnerabilities in our IT systems, email services, payment processing and network components.

ISO 27001 CERTIFICATION

Safeguarding sensitive data

A data breach is devastating for every party involved. To protect your organization, your IT group may require your technology sellers to be ISO 27001 certified. Certification ensures a seller maintains an ISMS (Information Security Management System) that adheres to internationally recognized security best practices.

Our ISO 27001 certified ISMS consists of internal policies, procedures and other safeguards involving our staff, platform accounts, website users, processes and applications. Independent auditors from the Certification Board routinely review our ISMS during every certification period.

GDPR COMPLIANCE

Your privacy is our policy

GDPR (General Data Protection Regulation) is more than just asking your permission to accept cookies. GDPR is about your rights over your personal data, whether you live in the EU or not.

CorporateGift engages third-party auditors to review and inform our GDPR compliance, and is certified by the U.S. Privacy Shield Framework. Our Privacy Policy outlines in detail how we collect and use your personal information, and how you can opt out of our use of your personal and account information.

For more information, read our Privacy and Security White Paper.

Privacy and Security FAQs

How do you protect browsing security?

We leverage modern browser protections such as Content Security Policy (CSP) and security HTTP headers to prevent Cross-Site Scripting (XSS), Clickjacking and other code injection attacks resulting from the execution of malicious content in the trusted web page context.

How do you protect network security?

We employ SSL/TLS encryption during data transfer between our servers and databases within the same data center to protect our applications and services. We continuously monitor and update cryptographic and cipher suite settings as risks change. Our systems are divided into separate networks using logically isolated instances in Amazon Web Services. This protects sensitive data by providing isolation between machines in different trust zones.

How do you protect against man-in-the-middle attacks?

To prevent man-in-the-middle attacks, we employ a protocol that ensures our applications communicate only with our own servers. Within our application, we flag all authentication cookies as Secure and apply HSTS (HTTP Strict Transport Security). The Corporategift.com domain is included in the HSTS preload list shipped with all major browsers.
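The claims in this answer and in the browsing-security answer above can be verified against an actual HTTPS response. The following is an added example, not CorporateGift's own code: given a response's headers and Set-Cookie lines (constructed samples below, not captured from the site), it checks that the HSTS header meets the preload list's requirements, that clickjacking protection is present, and that the authentication cookie (assumed here to be named `session`) carries the Secure and HttpOnly flags.

```python
from http.cookies import SimpleCookie

# Constructed sample response headers and Set-Cookie lines (not captured from
# corporategift.com); swap in the headers of the response you are auditing.
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}
SAMPLE_SET_COOKIES = ["session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
                      "theme=dark; Path=/"]
AUTH_COOKIES = ("session",)  # assumed name of the authentication cookie
PRELOAD_MIN_AGE = 31536000   # one year, the minimum max-age for preload submission

def hsts_preload_ready(value):
    """True if the HSTS value has max-age >= 1 year, includeSubDomains and preload."""
    d = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        d[name.lower()] = val.strip()
    try:
        max_age = int(d.get("max-age", "0"))
    except ValueError:
        return False
    return max_age >= PRELOAD_MIN_AGE and "includesubdomains" in d and "preload" in d

def clickjacking_protected(headers):
    """True if CSP frame-ancestors or a restrictive X-Frame-Options is set."""
    csp = headers.get("Content-Security-Policy", "").lower()
    xfo = headers.get("X-Frame-Options", "").upper()
    return "frame-ancestors" in csp or xfo in ("DENY", "SAMEORIGIN")

def insecure_cookies(set_cookie_lines, auth_names=AUTH_COOKIES):
    """Names of authentication cookies missing the Secure or HttpOnly flag."""
    bad = []
    for line in set_cookie_lines:
        jar = SimpleCookie()
        jar.load(line)  # parses attributes; Secure/HttpOnly become True flags
        for name, morsel in jar.items():
            if name in auth_names and not (morsel["secure"] and morsel["httponly"]):
                bad.append(name)
    return bad

def audit(headers, set_cookie_lines):
    """Findings against the claims above; an empty list means they all check out."""
    findings = []
    if not hsts_preload_ready(headers.get("Strict-Transport-Security", "")):
        findings.append("HSTS header missing or not preload-ready")
    if not clickjacking_protected(headers):
        findings.append("no frame-ancestors / X-Frame-Options protection")
    findings += [f"auth cookie {n!r} lacks Secure/HttpOnly"
                 for n in insecure_cookies(set_cookie_lines)]
    return findings
```

Running `audit(SAMPLE_HEADERS, SAMPLE_SET_COOKIES)` on the constructed samples returns an empty list; a live check would feed in the headers of a real response instead.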

How do you protect data at rest?

Using secure storage and an encrypted RDS relational database management system, we make sure your data is not readable by anyone other than the people and processes required to attend to your orders and needs.

How are users authenticated with CorporateGift.com and the CG Elite platform?

To protect user access tokens against attack, we employ the most secure variant of the OAuth 2.0 authorization code flow; tokens are encrypted at rest using AES-128. Because authentication is delegated through OAuth, we do not receive or store user passwords. We can integrate with any SSO provider that supports OpenID Connect or SAML 2.0, such as Okta, ADFS, Azure, OneLogin and similar services.

What Security Testing measures does CorporateGift employ?

We adhere to the leading Open Web Application Security Project (OWASP) Testing Guide methodology for security testing. Following feature implementation, internal security QA is conducted to verify correctness and resilience against any attacks. If discovered, vulnerabilities are promptly prioritized and mitigated. We also regularly employ third-party security consultancies to independently audit and verify our applications and conduct penetration tests. Our on-call engineers immediately address any discovered threats to our network.

What is “Security by Design”?

Security by design is a core principle at CorporateGift. From ideation onward, proposed features are reviewed by a team of senior engineers experienced in building secure technology systems, to ensure compliance with our security controls and protocols. We employ secure programming techniques for both new code and reused code, so that standards are applied consistently throughout development and remain in line with currently recognized best practices.

What disaster recovery processes do you employ?

Corporategift.com customer data is backed up daily to guard against data loss. All backups are encrypted both in transit and at rest using strong, industry-standard encryption. We geographically distribute all backups to maintain redundancy in the event of a natural disaster or a location-specific failure. We are also set up to operate from geographically distributed locations, and leverage cloud resources.

May we receive a copy of your ISO 27001 audit report?

Contact us to request the most recent certificate.
