Menu
MENU
Legal menu
Legal
Main menu

Legal

FareHarbor

Security & Privacy Overview

At FareHarbor our mission is to help you manage and grow your business with best-in-class reservation and logistics tools. We value security and privacy as one of our most important responsibilities when it comes to achieving that mission. Each section below discusses our approach to meeting or exceeding compliance requirements with regards to your business’ data and security.

GDPR

GDPR is the new data & privacy standard in the European Union (EU) governing the protection of EU residents. If you only collect data via FareHarbor, then you’re already in compliance. This includes, but is not limited to offering your users:

The right to be informed.

All data captured via your FareHarbor integration is outlined in our privacy policy which each of your customers opt into at the time of booking.

Data access, portability, rectification & erasure.

After booking, your customers can request their stored data to be provided and, if need be, deleted. If you submit a form through FareHarbor.com, you can similarly request that your stored data be provided and, if need be, deleted. Data requests can be made via our Data Request Form.

Certified International Data Transfers.

FareHarbor complies with international data protection requirements like the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework for any data captured in the European Economic Area.

PCI Compliance

Every business involved in processing, storing, or transmitting credit card data must adhere to the Payment Card Industry Data Security Standards. At FareHarbor, we take payment card security extremely seriously. FareHarbor has always been PCI compliant and that extends to all payments processed via our systems. In addition, no cardholder data is stored by FareHarbor. All payments collected through FareHarbor are processed by Stripe, a PCI Level 1-certified service provider backed by both Visa and American Express.

FareHarbor reports yearly on a PCI SAQ-D (the most stringent way to report PCI compliance). These requirements include, but are not limited to:

Your Business’ PCI Compliance

Every business that’s involved with the processing of credit cards must comply with the PCI DSS requirements, though many of them will be satisfied solely because you use FareHarbor. However, your bank may still require certification that you are adhering to the PCI security standard. If FareHarbor is your sole point of sale system and you don’t accept EMV payments, this can usually be done easily by completing a PCI SAQ-A and providing that document to your bank.

If you accept EMV payments and/or FareHarbor is not your primary point of sale, you may need to report on different guidelines. Please reach out to security@fareharbor.com to schedule a PCI discovery session or with any PCI compliance questions.

Organizational Security & Infrastructure

All FareHarbor employees are trained about the importance of privacy and security and must adhere to an inflexible, comprehensive internal security and data use policy.

FareHarbor runs in Amazon Web Services’ highly secure data centers. The FareHarbor application runs inside a Virtual Private Cloud, with individual hosts protected by firewalls configured with the most stringent rules. All communication with FareHarbor is protected at the network level using industrial-strength, secure protocols. A secured architecture, internal best practices, and third-party audits are all important components of our security program.

Contact Us

If you have any questions about this information or would like to request access to your personal data, please contact us at privacy@fareharbor.com.