Security at Pointify
Your trust is our foundation. We use industry-leading security practices to ensure your personal data, payment information, and loyalty credentials are always protected.
Compliance & Certifications
PCI DSS Level 1
All payment processing is handled through Stripe, a PCI DSS Level 1 certified service provider. Your card details never touch our servers.
SOC 2 Type II Readiness
Our infrastructure and operational controls are aligned with SOC 2 Type II standards for security, availability, and confidentiality.
GDPR & CCPA Compliant
We respect your data rights under GDPR, CCPA, and other privacy regulations. You can request data export or deletion at any time.
TLS 1.3 Encryption
All data in transit is encrypted using TLS 1.3, the latest transport layer security protocol. We enforce HSTS and certificate transparency.
AES-256 Encryption at Rest
All stored data, including loyalty credentials and personal information, is encrypted at rest using AES-256, the same standard used by governments.
Infrastructure Security
Hosted on AWS with VPC isolation, WAF protection, DDoS mitigation via Cloudflare, and automated vulnerability scanning across our entire stack.
Our Security Practices
Beyond certifications, we maintain a comprehensive set of operational security practices.
Data Handling
We collect only what we need and delete what we don't. Your loyalty program credentials are encrypted with AES-256 and stored in an isolated database with strict access controls.
0
Card numbers stored on our servers
AES-256
Encryption for data at rest
TLS 1.3
Encryption for data in transit
Responsible Disclosure
Found a vulnerability? We appreciate responsible disclosure. Please contact our security team at security@pointifytravels.com and we will respond within 24 hours.
Ready to find your best fare?
Join travel professionals who never overpay for flights. Free account in 30 seconds.
Create Free Account