We take data security seriously.
See how we Detect & Prevent Fraud.

We understand how important the responsibility of safeguarding your information is, and we are proud to exceed the industry standard when it comes to protecting your data. At the same time, we take serious measures to protect against fraudulent transactions, and this page explains how Naturaw handles your information in order to do this.

Card authentication and 3D Secure

For extra fraud protection, 3D Secure requires customers to complete an additional verification step with the card issuer when paying. Typically, it will direct the shopper to an authentication page on their bank’s website, and they enter a password associated with the card or a code sent to their phone. This process is familiar to customers through the card networks’ brand names, such as Visa Secure and Mastercard Identity Check.

Watch our payment processor's video below for an example of an authenticated checkout flow.

Your data is instantly backed up

Your customer data, including order data and personally identifiable information (such as credit cards, social media logins), is encrypted and backed up to multiple data center availability zones. This means that all data is written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure. Redundant hosting means you get instant access, no matter where you are. Our systems are engineered to stay up even if multiple servers fail.

Your data is securely protected

Every interaction you have with Naturaw is encrypted via HTTPS. This means that whenever your data is in transit between you and us, everything is encrypted and sent securely. Any files which you upload to us (such as image reviews) are stored encrypted at rest. Any order data (i.e., order tracking, payments, and allocations) is encrypted at the database level using AES-256 encryption. Our backups of your data are also encrypted using AES-256.

Application security testing

Third-party security software tests Naturaw on a continuous basis and assesses the security state of all Naturaw applications and environments, including in-store payments. This penetration testing includes web, mobile and API coverage of OWASP Top 10 security threats and application logic attacks. For our networks and infrastructure, we perform external network penetration testing covering best practices (OSSTMM, SANS Top 20 security controls, etc.).

PCI-DSS compliant billing security

All credit card transactions are processed using secure encryption — the same level of encryption used by leading banks. The processing, transmission, and storage of card data comply with the Payment Card Industry Data Security Standard (PCI-DSS). Our payment service provider has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry. In short, Naturaw lives up to the highest PCI compliance standard, and we never see (or have access to) your card data at all.

GDPR compliant - General Data Protection Regulation

Although we are outside the EU, we are still aware of this. The provisions of the GDPR apply to any organization that processes personal data of individuals in the EU, including tracking their online activities, regardless of whether the organization has a physical presence in the EU. And since our redundant databases rest within the EU and have a digital presence, compliance with international law and regulations is very important to us. The GDPR (General Data Protection Regulation) is an essential piece of legislation that is designed to strengthen and unify data protection laws for all individuals within the European Union.