(216) 356-6800 admin@RegChange.com

RegChange INFORMATION SECURITY STATEMENT

Reg Change LLC (“RegChange”, “We” or “Us”) understands the importance of keeping Your (“You” or “Your” means the company or other legal entity, its directors, officers, affiliates agents, and employees using the RegChange Service) information safe and secure. The security of Your account and electronic records is fundamental to Us and We have taken the following steps to protect your data:

  • RegChange utilizes AWS’ certificate manager to manage our SSL certificate;
  • The information each financial institution records regarding its responses to regulatory updates and project plan information is maintained on AWS’ servers separately from any other financial institution’s data, is password protected and utilizes 256-bit encryption;
  • RegChange will not access Your data without Your permission and We will only request such permission in order to provide technical support;
  • Your RegChange passwords are hashed and not accessible to anyone else;
  • Your credit card information is transmitted to Stripe, Inc. (Stripe) using 256-bit Secure Socket Layer encryption. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1.  All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).  Stripe’s security information is available at https://stripe.com/docs/security/stripe;
  • RegChange does not retain your credit card information on its own systems or computers; and
  • The information on RegChange’s System is backed-up nightly.  Backups are kept for 7 (seven) days.