Hi,
I’m building an MVP for an app that will help manage some finances for users. In the next phase of the project, I’ll need to become a virtual card issuer, so I will have some sensitive data going around = need for PCI compliance. I know that Bubble is not PCI compliant, and I was looking into outsourcing sensitive data transfers to a service like www.VeryGoodSecurity.com. I’ve contacted them, and they told me that they use a proxy for all sensitive data and give aliases to my servers so I can work with it in my app.
I’m not a technical person, so my question is, does Bubble support proxy connections with services like Very Good Security?
Maybe someone from the forum had a project where they integrated Bubble with a service like this?
@wojtek Who are you issuing virtual cards through? They should have options for integrating some type of widget into your site where they are covering the PCI compliance burden.
I’m thinking about Marqeta, and this is not only the issuing of cards but money transfers as well. From the information I got, I’ll touch some of the users’ data that has to be secured. That is why I would like to use VGS to handle that data, so I don’t need to get PCI for the Bubble server.
Marqeta provides a JavaScript library that enables you to display sensitive card data in your application or webpage while limiting your data security compliance burden.
I’m concerned about the problem of sensitive data going around within my app. One thing is to get, for example, Marqeta to work with Bubble. Still, another thing is to handle users’ sensitive data (card numbers, money transfers, private data). This is where I was considering VGS to outsource the handling of that sensitive data. But I don’t know anything about the proxy VGS is using, or whether I can get it to work with Bubble. My users’ data security and privacy are fundamental to me, and that’s why I’m thinking about this subject.
How far did you go with http://www.verygoodsecurity.com/? Can it work with Bubble? I’m interested in something like this to be HIPAA and GDPR compliant.
It can work with Bubble, but we ended up building our product with a company that provides us with all the security we need.
In the end you just pass the info through an API or iFrame, taking your app out of scope, if I remember right.
I think Bubble is GDPR compliant, but it’s best to check with your lawyer.
With HIPAA it’s more complicated, and VGS probably would solve the security risks for you.
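To make the "proxy gives aliases to my servers" idea from the first post and the "pass the info through an API, taking your app out of scope" point above concrete, here is an added illustration (not VGS's code, and not from anyone in this thread) of what such an aliasing proxy does on each leg. The vault, the alias format and the sample request are all constructed for the example; a real vault would be an encrypted, audited store, not a dict.

```python
import json
import re
import secrets

# Constructed demo of an aliasing proxy: the app (Bubble) only ever sees
# aliases; the real card number lives in the vault on the proxy side.
PAN_RE = re.compile(r"\b\d{13,19}\b")
ALIAS_RE = re.compile(r"tok_[0-9a-f]{12}_\d{4}")  # constructed alias format


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, so long non-card numbers (order ids, timestamps) stay untouched."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class AliasVault:
    def __init__(self):
        self._by_alias = {}  # alias -> PAN (stand-in for an encrypted vault store)
        self._by_pan = {}    # PAN -> alias, so one card always maps to one alias

    def alias_for(self, pan: str) -> str:
        if pan not in self._by_pan:
            # Alias carries only the last four digits, which PCI DSS allows to be shown
            alias = f"tok_{secrets.token_hex(6)}_{pan[-4:]}"
            self._by_pan[pan] = alias
            self._by_alias[alias] = pan
        return self._by_pan[pan]

    def redact_inbound(self, body: str) -> str:
        """Inbound leg: replace every Luhn-valid card number before the app sees it."""
        return PAN_RE.sub(
            lambda m: self.alias_for(m.group()) if luhn_ok(m.group()) else m.group(), body)

    def reveal_outbound(self, body: str) -> str:
        """Outbound leg: swap aliases back only on the way to the card issuer's API."""
        return ALIAS_RE.sub(lambda m: self._by_alias.get(m.group(), m.group()), body)


# Constructed sample request as it would arrive from a user's browser
SAMPLE = json.dumps({"user": "alice", "card": "4111111111111111", "order_id": "1234567890123"})

if __name__ == "__main__":
    vault = AliasVault()
    aliased = vault.redact_inbound(SAMPLE)
    print("app sees:   ", aliased)
    print("issuer sees:", vault.reveal_outbound(aliased))
```

The app stores and forwards the `tok_...` value only; the card number never reaches it, which is what keeps the app out of PCI scope in the setup described above.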