We fully comply with the requirements for all of our services to be GDPR ready and ensure organisational and technical security for all services.
The hosting infrastructure is under Amazon's control, since the service runs on an AWS EC2 instance.
The only person with access to Amazon Information is the client (end-user). Each client has a unique username and can access only their own Amazon Information. That information is encrypted with a key generated solely from the information the client enters at login; the key itself is never stored anywhere within the system, in any form.
The only Amazon Information that leaves the system is the country code and VAT ID number of a business claiming a preferential VAT rate for a specific transaction. That data is sent over HTTPS to the official VIES-on-the-web service in order to validate the VAT ID number; it is sent at the client's specific request and in isolation from any other information.
System-level log files that record all client activity can be monitored and analysed to distinguish legitimate from suspicious behaviour. Any stored data obtained by a malicious user is encrypted with AES-256 under a key that is not stored anywhere on the system. AES-256 has been approved by the US National Security Agency for protecting information classified up to Top Secret, and a brute-force attack on the key itself is not feasible; since the key is derived from the client's login information, the practical strength of the scheme is bounded by that input and the key derivation step. The data relates to VAT calculations, so it is generally not valuable and can be recreated by the client in any case.
PII is retained at the client's request, in order to calculate VAT liability. All information is deleted immediately on the client's online request. If the data is lost due to system failure, it is not recoverable and the client has to explicitly re-upload it. This is intentional, to ensure absolute privacy.
Our policy is that the only person who has any access to PII is the client. No one, including Administrative users of any level, can view this data except the client, and only then in the relevant report format. The raw, plaintext data is either uploaded as a spreadsheet file over HTTPS to the Amazon AWS EC2 instance, or is acquired over HTTPS from a providing API (currently either PayPal or Amazon). Once in the server's memory, the PHP code encrypts it before storing it in the MySQL database on the same instance. It is only decrypted when used to generate a report the client has requested, and then only the immediately relevant data is decrypted at the moment of use and discarded from memory afterwards. The report is securely deleted after the client has downloaded it, or on demand from the client. The record of data processing activities is available separately.
All PII is encrypted at rest using AES-256 in CTR mode. The cryptographic key used to encrypt and decrypt this data is held only in memory, and only for as long as the client is logged in.
Only end clients have access to any PII; Support-, Admin-, and Owner-level users only have access to generate reports that do not contain any PII at all.
Client activity is logged in system-level log files, and can be monitored and inspected as required.