Security Statement

This Security Statement is aimed at providing you with more information about our security infrastructure and practices. Our Privacy Policy contains more information about how we handle the data that we collect.

Security methodology

Enterprise-grade security is built into every aspect of how users leverage the BuyChain platform, without sacrificing usability so that you can get the most value out of BuyChain.

BuyChain’s industry-leading security program is based on the concept of defense in depth: securing our organization – and your data – at every layer. We continue to earn certifications adhering to the most broadly recognized security standards, offer solutions to help you address your compliance requirements and employ rigorous measures at the architectural and operational levels to keep your data safe.

The BuyChain platform meets and exceeds some of the most broadly recognized security standards and offers solutions to help you address your compliance requirements.

Security Architecture and Practices

BuyChain’s dedicated security team uses industry-accepted best practices and frameworks to keep your data safe. Our security approach focuses on security governance, risk management, and compliance. This includes encryption at rest and in transit, network security and server hardening, administrative access control, system monitoring, logging and alerting, and more.

Product Security Features

BuyChain includes a robust set of security and data protection product features that give you the control, visibility, and flexibility you need to manage all your security challenges, without compromising agility.

Identity and User Management

No company wants to worry about their data ending up in the wrong place. BuyChain’s data storage (hosted with Amazon Web Services, AWS) is held to the highest security standard and ensures that only the right people on your team have access to only the information they need. Securing your information starts with identity controls, no matter where your users are located. BuyChain allows you to manage users, streamline authentication and assign roles and permissions. We give you the solutions to ensure that only the right people in your organization can access your company’s information in BuyChain.

Access Controls

We apply role-based access control to our information systems. Processes and procedures are in place to address employees who are voluntarily or involuntarily terminated. Access controls to sensitive data in our databases, systems, and environments are set on a need-to-know / least privilege necessary basis. Access control lists define the behavior of any user within our information systems, and security policies limit them to authorized behaviors.

Encryption

By default, BuyChain encrypts data at rest and data in transit as part of our foundational security controls. We also provide tools on request that give you further visibility and control.

ISO 27001

The highest level of global information security assurance available today

BINDING CORPORATE RULES

European Data Protection Authority (DPA) compliance

SSAE 16 (SOC 1 AND 2)

Operations and data center security, availability and confidentiality

GDPR

European Union’s General Data Protection Regulation

PCI DATA SECURITY STANDARD

For handling credit card data securely

CSA STAR

Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)