Alpha Alpha release: all data shown on this platform is demo data and may be reset at any time.
Legal Document

Security Overview

Readable, printable, and part of the same frontend experience as the rest of Creativemark.

← Back to legal center
Versioned Document

Security Overview

Reference hash c3705821f2fa. This document is versioned and rendered for the current platform or active store context.

Version 2 Effective 21 April 2026 Platform standard EN
Browse all documents

Security Overview

Last updated: 21 April 2026

1. Payment security

All payment data is processed by PCI DSS Level 1 compliant payment service providers (e.g. Stripe). Creativemark does not store, process, or have access to full card numbers, CVV codes, or PIN data. All payment pages use TLS 1.2+ encryption.

2. Data encryption

  • In transit: all data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (HTTPS).
  • At rest: sensitive data, including licence keys, is encrypted at rest using industry-standard algorithms (AES-256).

3. Access controls

  • Administrative access is restricted to authorised personnel on a need-to-know basis.
  • All administrative actions are logged in an audit trail.
  • Two-factor authentication (2FA) is available and encouraged for all accounts.
  • API access is controlled via scoped authentication tokens.

4. Infrastructure

  • The Platform is hosted on reputable, ISO 27001 certified cloud infrastructure.
  • Automated backups are performed regularly and tested for integrity.
  • Rate limiting and DDoS protection are in place to maintain service availability.

5. Vulnerability management

We regularly review our codebase and dependencies for security vulnerabilities. Critical patches are applied promptly. If you discover a security vulnerability, please report it responsibly to us.

6. Incident response

In the event of a personal data breach, we will notify affected individuals and the relevant supervisory authority (e.g. the ICO) in accordance with the timelines and requirements of the UK GDPR (within 72 hours of becoming aware, where required).