Giftpack maintains an information security program designed to protect customer and platform data, support privacy obligations, and promote reliable service delivery. This page provides a high-level overview of the controls, processes, and assurance practices that customers, procurement teams, and security reviewers often ask about during evaluation. Effective Date: March 28, 2026.
SECURITY OVERVIEW
Program Approach
Giftpack maintains administrative, technical, and organizational measures designed to protect customer and platform data. Our security program is intended to support confidentiality, integrity, availability, privacy, and responsible service delivery.
INFRASTRUCTURE AND HOSTING
Cloud Infrastructure
Giftpack uses Google Cloud Platform (GCP) for hosting and related infrastructure services. Giftpack uses GCP infrastructure in Tokyo for disaster recovery purposes. Production and related environments are managed with security, resilience, and operational continuity considerations in mind.
Environment Management
Giftpack manages production and related environments with controls intended to support change management, system reliability, and appropriate separation of access and responsibilities where applicable.
ENCRYPTION
Data Protection in Transit and At Rest
Giftpack uses industry-standard encryption protocols to protect data in transit and at rest. Encryption measures are designed to support the confidentiality and integrity of data processed through the platform.
ACCESS CONTROL AND AUTHENTICATION
Access Management
Access to systems and customer data is limited to authorized personnel with a legitimate business need. Giftpack applies role-based access principles and seeks to follow least-privilege practices where appropriate.
Authentication Controls
Giftpack supports authentication and access controls intended to reduce unauthorized access risk, including multi-factor authentication for internal systems where appropriate. Single sign-on and related identity controls are also supported depending on the service configuration and plan.
SECURE DEVELOPMENT AND CHANGE MANAGEMENT
Development Practices
Giftpack maintains development and change-management practices designed to support secure software delivery. Code changes and infrastructure updates are intended to be reviewed, tested, and deployed through controlled workflows appropriate to the service environment.
MONITORING, LOGGING, AND VULNERABILITY MANAGEMENT
Security Operations
Giftpack maintains monitoring and logging practices designed to support the detection, investigation, and response to potential security events and operational anomalies.
Security Testing and Remediation
Giftpack performs vulnerability scanning and periodic security testing, including penetration testing, and reviews identified issues for remediation based on risk, severity, and operational context.
INCIDENT RESPONSE
Response Process
Giftpack maintains incident response processes designed to support the identification, escalation, containment, investigation, remediation, and communication of security incidents as appropriate. Relevant customers may be notified in accordance with contractual and legal obligations.
PERSONNEL AND INTERNAL SECURITY
Workforce Awareness
Giftpack's security program is supported by internal policies, confidentiality obligations, and security awareness practices intended to reinforce responsible handling of systems and data.
PRIVACY AND DATA PROTECTION
Responsible Data Handling
Giftpack's security and privacy practices are intended to support responsible handling of personal data and confidential information. Access restrictions, confidentiality obligations, and security controls are designed to support applicable privacy requirements. For more information, please review Giftpack's Privacy Policy.
COMPLIANCE AND ASSURANCE
External Assurance and Program Alignment
Giftpack maintains a SOC 2 Type II report covering relevant security controls. Giftpack's privacy and security program is designed with reference to recognized frameworks and regulatory requirements, including GDPR, CCPA, and controls aligned with ISO 27001 principles where appropriate.
VENDOR AND SUBPROCESSOR MANAGEMENT
Third-Party Risk Management
Giftpack evaluates and manages third-party service providers with security and privacy considerations in mind. Access to data is intended to be limited to what is necessary for service delivery, and contractual protections are used where appropriate.
SECURITY REVIEW AND CONTACT
Additional Review Requests
Customers who require additional security review, questionnaires, or assessment support may submit a request through the channel below. Giftpack may provide additional documentation, including security questionnaires or supporting materials, subject to confidentiality requirements and internal review processes.
General Data Protection Regulation (GDPR)
Giftpack's privacy and security program is designed to support GDPR-related obligations where applicable and to help customers evaluate data protection practices during review.
California Consumer Privacy Act (CCPA)
Giftpack supports customer privacy obligations under the CCPA where applicable, including service-provider style processing expectations in the appropriate context.
SOC 2 Type II
Giftpack maintains a SOC 2 Type II report covering relevant security controls for the platform and related service environment.
Monitored by Vanta
Giftpack uses Vanta to support aspects of security monitoring, evidence collection, and security program operations.
