How we handle passwords

Handling third-party passwords is a sensitive operation and requires adhering to the highest standards of security and compliance.

Your credentials to log in to PSRESTful are handled by Auth0, leaders in the authentication & authorization domain.
We don't store your passwords, they do.

How we handle Supplier's credentials

1. Never Store the Passwords If not needed: When you use the Product Data, PPC, MED, and INV services, for suppliers we have credentials for, you don't need to provide your credentials.
   We will use our credentials to access the supplier's services.
2. Use Secure Connections: The communication between PSRESTful and the supplier's services is always encrypted using the latest security protocols.
3. Encrypt the Passwords: In Standard, Premium, and Enterprise Plans we must store the credentials for accessing services like Purchase Order, Order Status, Order Shipment Notification, and Invoice. We encrypt those credentials using strong encryption algorithms, and the keys are securely managed.
4. Apply Proper Access Controls: We do Limit who has access to the parts of our system where the passwords are being handled. Also, we implemented robust logging to track who accessed what and when.
5. Regular Security Audits and Compliance: Regularly review and audit your security practices and ensure that they comply with all relevant regulations and standards, such as GDPR or HIPAA.