# Security

As a connection layer between merchants and channels, highly sensitive data is moving through the Violet system at all times. We know that both channels and merchants are trusting us to keep this data secure in transit and at rest. To maintain this trust we implement the latest technologies and follow industry standards throughout the lifecycle of our services.

## Security Practices

We continuously strive to follow and implement the latest security technologies and practices. The following are a few of the technologies and practices we utilize today.

* Encryption of sensitive data at rest using AES/CTR/NoPadding and KMS.
* Bcrypt/Blowfish hashing of sensitive data like passwords.
* Ongoing vulnerability scans powered by [Snyk](https://snyk.io).
* Regular penetration tests performed by [HackerOne](https://www.hackerone.com).
* Ongoing access reviews.
* Complete backups of all data.
* Logging and monitoring.

## Security Standards

Violet complies with and/or has been audited for the following security standards.

* GDPR
* CCPA
* PCI-DSS (Service Provider Level 2)
* SOC2 Type 2


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.violet.io/help/security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.