Last updated: October 11, 2021
Security is essential to everything we do. We’ve built our products from the ground up to make them secure by design. Below, we outline how we protect customers’ data. If you have specific questions or concerns, contact us at firstname.lastname@example.org.
Accessing customer data
Role-based access controls are enforced at each layer of infrastructure. Multi-factor authentication is required for access to Olive infrastructure. All application and user access logs are stored centrally and monitored.
Olive API only allows client requests using strong TLS protocols and ciphers. Communication between Olive infrastructure and our payment network partners is transmitted over encrypted tunnels. All client communication with Olive API requires API key authentication.
Protecting customer data
Olive can’t access any personal details related to enrolled cards. As soon as a cardholder links their card through a secure iFrame and TLS channel, Olive encrypts their details with bank-level security encryption. That encryption — or tokenization — replaces the customers’ details with a token ID so that our Payment Network Partners (i.e. Visa and Mastercard) can let us know when a consenting cardholder has made a transaction.
Olive uses a PCI Level 1 compliant card vault, which has been approved by an independent Qualified Security Assessor (QSA) to safely and securely handle cardholder data during credit card transactions. The Payment Card Industry Data Security Standard (PCI DSS - 2006) is an industry-wide standard created by the five largest card networks to ensure that card payment processors safely and securely accept, store, process, and transmit cardholder data. We do not store any personal information on our servers. The personal information held by the vault is protected from misuse, interference, loss, unauthorised access, modification or disclosure through various methods including access limitation and industry-standard Secure Sockets Layer (SSL) encryption technology. Security safeguards include data encryption, firewalls, and physical access controls to buildings.
Frequently Asked Questions
We know you may have additional questions. A few that we often hear from customers exploring card linked services and payments-driven technologies are listed below. Please do not hesitate to get in touch with any additional questions you have.
Do you need my customer's banking credentials to enrol them?
Olive never asks for your customer's banking credentials. While there are data services available that rely on connecting to your customer's bank accounts on their behalf through a process known as "screen scraping", Olive does not employ such practices. Olive never sees your customer's banking information or credit card PAN.
Is any personal information collected or stored by Olive about my customers?
Olive does not collect or store any identifiable personal information about your customers. All transactional information is associated with a unique token that only you can link to any personal customer information that you may have access to or store.