Security Policy

last updated: Feb 17, 2022

Application controls

Centime, Inc (“Centime”) operates multiple security controls across the application, payments, network and infrastructure, data and compliance.
  • A strong password policy and 2-Factor Authentication
  • An automatic session logout after a period of inactivity
  • A record of all critical user activity with a timestamped audit trail that cannot be altered
  • A facility to provide granular entitlements for various Centime modules and features

Payment controls

  • Secure API-based integrations with payment processors that are all PCI-DSS and SOC certified
  • Robust, multi-level payment approval policy, part of the Centime payment workflow
  • Ability to set transaction limits for payments
  • Ability for Clients to issue and use single-use virtual cards with restrictions on amount and validity
Security policy image

Network and infrastructure controls

  • Centime's servers and network infrastructure are hosted and managed by leading certified cloud provider
  • Usage ofsecurity software, intrusion detection and prevention systems, and network monitoring technology to detect and prevent unauthorized electronic access to Centime's servers
  • Usage of Transport Layer Security (TLS) and industry standard cipher suites to protect customer data during transit over the internet
  • Periodic Vulnerability Assessments and Penetration Tests performed through PCI DSS Approved Scanning Vendors (ASVs) covering infrastructure and application

Data controls

  • Ensuring encryption of PII and other sensitive information during transit and at rest using strong encryption standards like AES 256
  • Implemented strong back up and restoration mechanism to protect against data loss
  • Ensuring only authorized people with signed NDA have access to Centime systems and data
  • Storage of sensitive information in a secured Vault.

Compliance controls

  • Centime is SOC 1 Type I compliant and SOC 2 Type I is in progress
  • Centime is PCI DSS SAQ A compliant
  • Centime is hosted on a leading SOC 2 certified cloud services provider
  • Centime partners with  PCI DSS and SOC 2 certified payment processors and financial institutions
  • Centime enforces a Know Your Customer (KYC) process to ensure that the Centime application can be used only for the intended purpose and not for any illegal and unintended purposes of money laundering, terrorist financing, violating or subverting OFAC sanctions, or for other illegal purposes

Contact Us

If you have questions or concerns regarding this Security Policy, contact us at:
Centime, Inc.
Attn: Privacy Manager
75 State Street,
Boston, MA 02109
Email: cs@centime.com
Close ButtonClose Button