The most concerned data will be the customers’ name, address, phone number, email, etc. The data could be existed or copied on the clients’ computer, backup, POS databases, WooCommerce databases, web hosting, or any third party handles the data. We have no control to these data, the network environment, or where does it store, or how data processed or transferred.
We made our software meets PCI security standard a couple of years ago. We don’t have any PCI certification as this is time-consuming and will spend lots of money, and it doesn’t make sense to us.
We currently only provide out-of-scope payment solution, which means we don’t handle any sensitive data at all. The credit card info will be collected by the pin pad device and directly send to the processor by the device, not by WooPOS software.
We have permission control on every single button and menu. The admin password must be a strong password, expires every 90 days, cannot be same as last 4 passwords.
WooPOS databases and backups have password protection. The POS database is connected by an encrypted connection. The database password is random generated 16-digit strong password.