Overview
At Supermove, we take the protection of customer data extremely seriously. This article is broken out into two sections:
Part 1: Supermove Security
This Supermove Security Policy describes the organizational and technical measures that Supermove implements platform-wide, which are designed to prevent unauthorized access, use, alteration, or disclosure of customer data. The Supermove services operate on Amazon Web Services (AWS). This policy describes the activities of Supermove within its instance of AWS unless otherwise specified.
Infrastructure
- All of our services run in the cloud. Supermove does not run our own routers, load balancers, DNS servers, or physical servers.
- All of our services and data are hosted in AWS facilities and protected by AWS security, as described at http://aws.amazon.com/security/sharing-the-security-responsibility.
- All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.
Data
Data Transfer
- All data sent to or from Supermove is encrypted in transit using 256-bit encryption.
- We also encrypt data at rest using the industry-standard AES-256 encryption algorithm.
Part 2: Supermove Payments
PCI Compliance for Supermove Users
Any entity engaged in processing, transmitting, or storing card data must adhere to the Payment Card Industry Data Security Standards (PCI DSS). Our payment processor has undergone a comprehensive evaluation by an independent PCI Qualified Security Assessor (QSA) and has obtained certification as a PCI Level 1 Service Provider, the highest level of stringency in payment services.
For Supermove users, achieving PCI compliance is simplified by avoiding direct interaction with card data. Our payment processor safeguards customer card information through secure integrations. By using the recommended payment integrations, Supermove ensures that payment details are securely collected and directly transmitted to our payment processor without passing through your servers, easing PCI compliance efforts.
Specifically, if you utilize our payment processor’s Card Forms or SecureFields JS to gather card details in a card-not-present environment, you qualify for the simplest PCI validation method: SAQ A. This is because the payment processor securely hosts all form inputs containing card data within an iframe served from their domain, ensuring your servers never come into contact with the card information. Supermove can assist in generating a SAQ A, available upon request from our customer support.
If other integration methods are used, different PCI validation methods might be required. Our support team is available to help assess specific use cases and provide guidance.