Data Security

This article is an overview of Commerce7's data security, including the data we store and how we store it.

At Commerce7, we take data security very seriously. Read below for answers to common questions around data security with Commerce7. 

Where is Commerce7’s data stored?

All of Commerce7’s data is stored in Amazon Web Services (AWS).

What specific pieces of customer information is Commerce7 storing?

The following customer data is stored by Commerce7:

  • Name
  • Birthdate
  • Address
  • Phone Number
  • IP Address
  • User Agent
  • Purchase History
  • Credit Card Tokens

Commerce7 does NOT store credit card information (we only store the token).

How is customer data stored?

Commerce7 uses Amazon’s Aurora Database and DynamoDB. All data is encrypted at rest.

What protection measures do we have in place around these databases?

Only 3 individuals in Commerce7 have access to these databases. Database keys are stored in an AWS vault. We have a large test suite that runs on deploy, and we do regular security scans. Aurora Databases are within a virtual private cloud (VPC) in AWS and are only accessible over VPN by 3 individuals. VPN logging, Aurora Insights Logging, and AWS CloudTrail record all activity.

What other privacy measures have been put in place?

Security is talked about with all staff members. It's part of onboarding and part of regular training and staff meetings. Everything is logged. The last 20 edits are stored. Deleted items are stored in trash. There are no shared usernames/passwords. Within the platform, only admin/owners can invite additional users (Accounts), and all admin/owners receive a notification upon new invites. Commerce7 staff can't send account invites on your behalf.

With GDPR & CCPA compliance laws, what additional measures is Commerce7 taking for customers that have CA or EU addresses?

We treat all customer data the same. Customers have the right to know what we store (and we make it easy to retrieve that data) and customers have a right to be deleted (we make that easy). We are the first wine platform to allow for things like the canceling of membership online.