Security & Trust
Your data is not our product
BestWebby is built on the principle that merchants should control their data, their payments, and their customer relationships. Security is infrastructure — not a feature tier.
SOC 2 Type II
Audit scheduled for Q4 2026. Controls are implemented; certification pending formal audit completion.
GDPR Compliance
Full GDPR compliance including right to erasure, data portability, and DPA available for EU merchants.
Encryption at rest
All customer and merchant data encrypted at rest using AES-256. Database backups are encrypted independently.
Encryption in transit
TLS 1.3 enforced on all connections. HTTP Strict Transport Security with a 2-year max-age. No HTTP fallback.
Infrastructure overview
- Hosted on AWS (EU-West and US-East regions) with automatic failover
- PostgreSQL with automated daily backups retained for 30 days
- Redis for queue management with AOF persistence (no data loss on restart)
- Cloudflare for CDN, rate limiting, bot protection, and DDoS mitigation
- Private network between all internal services — no public service-to-service traffic
- Secrets managed via environment variables; never committed to version control
- Least-privilege IAM — each service has only the permissions it needs
GDPR & Privacy
BestWebby is fully GDPR-compliant. We act as a Data Processor for merchant data and as a Data Controller for our own users. The full Data Processing Agreement (DPA) is available at /legal/dpa.
Merchants can request a full data export or erasure at any time via the dashboard Settings page or through our contact form. We respond to all requests within 72 hours.
Responsible disclosure
We welcome responsible disclosure of security vulnerabilities. If you discover an issue, please report it privately to our security team before public disclosure. We commit to acknowledging reports within 24 hours and resolving valid reports within 30 days.
PGP key available on request. Please include detailed reproduction steps and estimated impact.
Uptime commitment
99.9% monthly uptime SLA on Enterprise plans. Historical uptime visible at status.bestwebby.com.
Security questions? Let's talk.
Enterprise security reviews, custom DPAs, and on-premise options available.