Volterra adheres to industry standard compliance certifications and security regulations to earn our customers’ trust

Compliance at Volterra

Volterra has achieved Payment Card Industry (PCI) Data Security Standard (DSS) Level 1 compliance, the highest and most stringent level of compliance.

Volterra's VoltMesh service, which includes Reverse Proxy, Load-balancer, Web Application Firewall (WAF), and Distributed Denial of Service (DDoS) on Volterra’s Application Delivery Network (ADN), is PCI DSS Level 1 compliant.

Volterra is audited annually by a third-party Qualified Security Assessor (QSA). Volterra's Attestation of Compliance is available upon request.

Volterra's commitment to GDPR compliance

Our mission is to deliver “Universal Cloud Access” to all users, and we believe the protection of our customers' and their end users' data is fundamental to this mission.

We minimize our collection of personal data and only use personal data for the purpose for which it was collected. We have committed that we would keep personal information private, so we have never sold or rented our users’ personal information to anyone.

Volterra's commitment to CCPA compliance

California's data privacy act is a governmental framework designed to help safeguard consumers' sensitive personal information.

Volterra has been adhering to strict standards for our users’ data, as outlined in the GDPR section, even before CCPA went into effect. In addition, Volterra’s patent-pending Blindfold technology empowers customers to use their secrets (credentials, certificates) on our platform without giving us access to the secret.

What is PCI-DSS compliance?

The PCI DSS (Payment Card Industry Data Security Standard) is an information security standard designed to increase controls around cardholder data to reduce payment card fraud.

Volterra’s PCI-DSS Certification

Volterra has achieved Level 1 compliance, the highest and most stringent level, allowing us to process more than 6 million transactions annually. As part of the PCI DSS certification process, Volterra’s entire global infrastructure has been audited, including VoltConsole, VoltMesh, VoltStack, Volterra Control Plane, all our data centers, as well as our security policies and software development processes. However, the certification focused on the VoltMesh service. Volterra does not process or store cardholder data in any manner, since VoltMesh acts as a reverse proxy, load-balancer and app firewall between our customers’ origin servers (merchant or payment service provider) and their end consumers. Volterra treats all communication from the end consumer to the origin server, which could potentially include PAN (primary account number), security code, and expiration date, as the customer’s sensitive data. The Level 1 certification validates that any action performed on customers’ data by Volterra global infrastructure complies with PCI DSS requirements.

Benefit to our Customers

For e-commerce merchants, payment service providers, and more generally any customer that stores, transmits, or accepts cardholder data, Volterra’s Level 1 certification will greatly facilitate our customers’ own PCI DSS compliance.

Furthermore, using Volterra’s VoltMesh service, which includes a web application firewall (WAF), will help our customers meet their own PCI requirement 6.6.

Lastly, by complying with the arduous requirements of PCI DSS, we are providing all our customers with an independent and industry-accepted security review of our processes, policies, infrastructure, and software development methodology.

What is GDPR compliance?

The European Union (EU) General Data Protection Regulation (GDPR) defines privacy protections and obligations for companies that handle personal data originating in the EU. Any company that processes personal data originating in the EU (whether or not the data subject is a citizen or resident of the EU) or the data of an EU resident, whether the company has operations in the EU or not, is covered by the GDPR.

Volterra's commitment to GDPR compliance

At Volterra, our mission is to deliver “Universal Cloud Access” to all users, and we believe the protection of our customers' and their end users' data is fundamental to this mission. We have adhered to stringent standards with respect to end users’ data even before Europe’s watershed General Data Protection Regulation (GDPR) went into effect in 2018. We minimize our collection of personal data and only use personal data for the purpose for which it was collected. We have committed that we would keep personal information private, so we have never sold or rented our users’ personal information to anyone.

We have always followed the guidelines outlined by GDPR:
  • Only collect the personal data needed to provide the service offered.
  • Don’t sell personal information.
  • Give people the ability to access, correct, or delete their personal information.
  • Consistent with our role as a data processor, give our customers control over the information captured by our products such as web application firewall (WAF).

As data protection is an ever-evolving environment, we continue to monitor ongoing developments globally and will update this page as appropriate. If you have any further questions about how we process data on behalf of our customers in a GDPR-compliant fashion, please reach out to us at support@volterra.io.

California Consumer Privacy Act (CCPA)

Similar to Europe's General Data Protection Regulation (GDPR), though with several key differences, California's data privacy act is a governmental framework designed to help safeguard consumers' sensitive personal information. As the digital landscape has evolved over the past decade, the tech sector's notion of consumer rights has expanded, particularly when it comes to sensitive data. With a number of highly public sensitive data breaches in recent years, personal information, from Social Security Numbers to payment card data, needs to be safeguarded more vigorously than ever before. California's data privacy act, known as CCPA, is an effort to do just that. It's a governmental framework designed to help make sure organizations are properly protecting their customers' sensitive personal data.

Volterra's commitment to CCPA compliance

Volterra has been adhering to strict standards for our users’ data even before CCPA went into effect. We minimize our collection of personal data and only use personal data for the purpose for which it was collected. We have committed that we would keep personal information private, so we have never sold or rented our users’ personal information to anyone. We give people the ability to access, correct, or delete their personal information; and consistent with our role as a data processor, give our customers control over the information captured by our products.

In addition, Volterra’s patent-pending Blindfold technology enables customers to use their secrets (credentials, passwords, certificates) on our platform without giving us access to the secret. We put on our Blindfolds when handling your secrets, so that your secrets remain a secret.

If you have any further questions about how we process data on behalf of our customers in a CCPA-compliant fashion, please reach out to us at support@volterra.io.