logo aftership

Pricing

GDPR Compliance for your Protection

Have peace of mind knowing that AfterShip protects your data.

GDPR Image

Overview and GDPR basics

AfterShip’s DPO, GDPR Representative and employees

Security & Privacy Features

At AfterShip, we take our commitment to protecting your data seriously. We have you covered with key EU-GDPR compliant security features.

Security Measures

The AfterShip Services are hosted on Amazon Web Service and Google Cloud Platform in the United States of America and protected by security and environmental controls. Amazon Web Service and Google Cloud Platform regularly undergo independent verification of security, privacy, and compliance controls. Additional details are available at:

AfterShip configures the firewalls on the production environment according to industry best practices and monitor unauthorized intrusions' services. AfterShip also uses Cloudflare WAF to block cyber-attacks. AfterShip performs automated vulnerability scans on the production environment and remediate any findings that present a risk to our environment. Additionally, AfterShip undergoes annual third-party penetration testing. A bug bounty program through HackerOne is also maintained, where security researchers are invited to submit vulnerabilities to AfterShip throughout the year. Additionally, the security review process facilitated by the security team is an integral part of AfterShip development lifecycle and the industry security coding and review practices are followed.

AfterShip regularly performs security awareness training for all staff. AfterShip also offers 24x7 security monitoring and incident response.

Security Certifications

AfterShip is ISO 27001 certified. ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls.

SSO and Two-Factor Authentication

The AfterShip products allow users to login to their AfterShip accounts using built-in AfterShip login or "Sign in with Google" login. AfterShip allows authorized clients access to AfterShip through Multi-Factor Authentication (MFA) and API-Request Authentication.

Data Encryption to Prevent Unauthorized Access

AfterShip encrypts customer data aligning with industry-tested and accepted standards. We use TLS 1.2 to encrypt all traffic in transit. We also use AES-256 bit encryption to secure database connection credentials and data stored at rest. AfterShip monitors the changing cryptographic landscape closely and work promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve.

Application Protection

AfterShip regularly performs security penetration testing using established security firms.

Further Description of the Security Measures

Further technical and organizational measures in accordance with GDPR are described in the DPA accessible here.

Status Transparency

We proactively monitor our uptime status, making us a reliable, consistent and trustworthy partner.

View our platform status

Legal documents

file

DPA

AfterShip works with merchants (data controllers) for most of its processing activities. The DPA describes the data protection obligations of the parties within the framework of their relationship. The DPA is accessible here.

file

Privacy Policy

In some instances, AfterShip is considered as an independent controller, for example for activities provided directly through its applications when creating an AfterShip account. For general information about privacy at AfterShip, please consult the Privacy Policy.

file

Technical and organisational measures

AfterShip technical and organizational measures are described in the DPA accessible here.

file

List of Subprocessors

In accordance with GDPR, AfterShip engages subprocessors based on the data controller’s general written authorization. AfterShip will inform the controller of any intended changes concerning the addition or replacement of said subprocessors. The list is accessible here.

More Questions?

If you have any questions regarding personal data at AfterShip, please contact us at [email protected].

Create a world-class post-purchase experience