Security - B2B Commerce Platform

Security controls and processes

Security and privacy of your data are our #1 concern.
As such, we invest heavily to ensure that your data in our systems is safe, secured, and always available.

Pepperi is ISO/IEC 27001: 2013 certified, an international information security standard. This certification ensures IT leaders that Pepperi’s technology and processes meet the highest global standards.

Pepperi is also ISAE 3402 compliant, providing the necessary assurances that Pepperi follows the applicable controls and standards to provide services to companies who are under SOC regulation, including Sarbanes-Oxley.

The Pepperi ISO 27001 and ISAE 3402 certificates, Statement of Applicability, and related reports are available upon request.

Encrypted transmission and sessions

Pepperi secures all data communication to and from our service using the SSL/TLS protocol, ensuring that users have a secure connection from their browsers and mobile apps to our service. We employ both server authentication and data encryption to ensure that your data is safe, secure, and available only to registered users.

Web Application Security

Our cloud-based web applications are protected by best-of-breed web application security software, safeguarding from web attacks, DDoS, site scraping, and fraud.

Disaster Recovery

Your data at Pepperi is replicated across data centers in different geographic locations. We perform regular disaster recovery tests to verify our projected recovery times and the integrity of our customers’ data.


We archive daily, monthly, quarterly, and yearly snapshots of your data to ensure full recovery in the event of an unforeseen failure.

Security Monitoring

Our Information Security team monitors notification from various sources and alerts from internal systems to identify and manage threats.

Network protection

  • Perimeter firewalls and edge routers block unused protocols
  • Internal firewalls segregate traffic between the application and database tiers
  • Denial of Service protection controls

Cloud infrastructure

Pepperi is hosted by Amazon EC2, which apply the most stringent security and IT procedures:

ISO 27001-2007

An information security management standard. Includes all forms of data, documents, messages, communications, conversations, recordings, and photographs.

ISO 9001-2008

ISO 9001-2008 is the International Standard for Quality Management Systems (QMS).

SAS 70 Type II

Statement on Audition Standards (SAS) No. 70, Service Organizations, is a widely recognized auditing standard, developed by the American Institute of Certified Accountants (AICPA).

SSAE-16 Type II

An enhancement to the Reporting on Controls at a Service Organization standard. Brings US companies up to date with new international reporting standards, the ISAE 3402.