Security Overview
Secure Print handles sensitive government documents and citizen payments. Security is not an add-on — it's built into every layer of our platform.
All data in transit is protected with TLS 1.2+. Documents stored in the cloud are encrypted at rest with AES-256. No document ever touches an unencrypted surface.
Each print session runs in complete isolation. No session can access another's documents, payment state, or identity. Sessions and their files are automatically destroyed within 24 hours.
We never read, index, or analyze the contents of your documents. Files exist solely to render a print job. Our staff has no access to document contents.
Our infrastructure is monitored 24/7 for anomalies, intrusion attempts, and availability. All access to production systems is logged and audited.
Compliance Certifications
Our systems are audited annually against the AICPA's Trust Services Criteria for security, availability, and confidentiality. SOC 2 means the audit covers actual performance over time — not just a point-in-time snapshot.
Government facilities often handle health-adjacent documents (disability forms, medical exemptions, etc.). Our platform is designed and operated in compliance with HIPAA's technical, administrative, and physical safeguard requirements.
Payment card data never touches our servers. All card processing is handled exclusively by Stripe, a PCI-DSS Level 1 certified processor. We receive only a transaction confirmation and a partial card descriptor for receipt purposes.
Our station interface and website meet WCAG 2.1 Level AA accessibility standards, ensuring usability for visitors with visual, motor, or cognitive impairments — a requirement for deployment in public government facilities.
Data Handling
| Data | Storage | Deleted |
|---|---|---|
| Uploaded documents | AWS S3, AES-256 encrypted | Within 24 hours |
| Payment card data | Stripe only (never our servers) | Never stored by us |
| Email address (receipt) | Encrypted database | Within 30 days |
| Session & audit logs | Encrypted, access-controlled | After 90 days |
Infrastructure Security
- Production infrastructure hosted on AWS and Vercel with SOC 2 certifications
- Principle of least privilege: staff access is role-based and reviewed quarterly
- All administrative access requires multi-factor authentication
- Dependency and vulnerability scanning runs automatically on every code change
- Penetration testing conducted annually by a third-party security firm
- Station hardware is physically secured within the government facility under the facility's own access controls
Incident Response
In the event of a security incident, we follow a documented incident response plan that includes immediate containment, root-cause analysis, and notification to affected parties within the timeframes required by applicable law. Government facility partners will be notified directly for any incidents affecting their location.
Report a Security Issue
If you believe you've found a security vulnerability in our systems, please report it responsibly. Email us at contact@secureprintingservices.com with a description of the issue. We will acknowledge your report within 48 hours and work with you to address it promptly. We do not pursue legal action against good-faith security researchers.
Contact
Questions about our security posture or compliance documentation? Reach us at:
Secure Printing Services, Inc.