Security & Compliance

Drive247 takes the security of your business data seriously. Here is an overview of our practices and commitments.

Infrastructure

• Hosted on industry-leading cloud infrastructure with SOC 2 and ISO 27001 certifications.
• All data encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Automated backups with point-in-time recovery.

Application security

• Role-based access control for operator accounts.
• Server-side input validation and parameterized database queries.
• Rate limiting and abuse protection on public endpoints.
• Regular dependency audits and security patching.

Payment handling

Payments are processed through Stripe, a PCI DSS Level 1 certified provider. Drive247 never stores raw credit card numbers.

Data privacy

• Rental operators are data controllers; Cortek acts as a data processor under a formal data processing agreement.
• Data can be exported or deleted upon request in compliance with applicable regulations.

Responsible disclosure

If you discover a security vulnerability, please report it to security@cortek.co. We appreciate responsible disclosure and will respond within 48 hours.