Read-Only by Design

Canyon Insights connects to supported payment gateways using secure, read-only API credentials. The platform is built exclusively for visibility, reporting, and analytics—with no ability to take action on live transactions.

What this means for you:

  • Canyon Insights can view reporting and transaction detail data from your connected gateways
  • The platform cannot process, initiate, or modify transactions
  • Refunds, voids, and operational changes remain fully controlled within your gateway
  • API access can be revoked at any time

PCI Scope & Cardholder Data

Canyon Insights is a reporting and analytics platform and is not a payment processor. The platform is designed to operate outside of the cardholder data environment.

What this means:

  • Canyon Insights does not store full card numbers
  • Payment transactions are processed entirely within your payment gateway
  • Canyon Insights does not initiate, route, or authorize payment transactions
  • Card data received from gateway APIs is limited to masked or truncated values (e.g., last four digits)

PCI compliance responsibility for payment processing remains with your payment gateway and acquiring bank.

Platform Security

Canyon Insights follows industry-standard security practices to protect customer data.

Our approach includes:

  • Encrypted data in transit using industry-standard encryption protocols
  • Encrypted data at rest within our platform
  • Role-based access controls and least-privilege permissions
  • Infrastructure hosted on Amazon Web Services (AWS), including serverless compute, S3 storage, and CloudFront content delivery, with Cloudflare routing for additional network protection
  • Strong password requirements enforced for all accounts, including minimum length, mixed case, numbers, and special characters
  • Automatic session timeouts to protect against unauthorized access on unattended devices

Data Handling & Retention

Canyon Insights follows a data-minimization approach, collecting and retaining only the data necessary to deliver reporting and analytics to your team.

Our practices include:

  • Customer data is never sold or shared for marketing purposes
  • Access to data is limited to authorized personnel on a need-to-know basis
  • You can disconnect your payment gateway at any time to stop data syncing; contact support to request deletion of previously synced data