PrintIntegrator

Security

Your data, your hosting, your rules.

PrintIntegrator is licensed software, not hosted SaaS. Customer designs, order data, and personalization metadata live on infrastructure you control — your own cloud, your on-prem servers, or a managed deployment we run for you.

Architecture

What runs where

Self-hosted (default)

Deploy on your own infrastructure — AWS, GCP, Azure, on-prem, or a VPS. You own the OS, you own the database, you own the backups. Source code access is included on the Enterprise tier.

Managed by us

Optional — we operate the infra on a regional cloud provider you pick. Daily backups, monitored 24/7, point-in-time recovery. The license model and feature set stay the same.

Data residency

Pick the cloud region at install: EU, US, IN, SG, AU, or ZA. Customer designs and personal data never leave the chosen region. Useful for GDPR, DPDP, and similar locality rules.

Practices

Security practices baked in

  • Transport encryption

    TLS 1.2+ enforced for all customer-facing traffic. Static assets served from same-origin domain by default — no third-party CDN routing for personalized content unless you configure it.

  • At-rest encryption

    Stored design files and order records encrypted using the underlying cloud provider keys (AWS KMS, GCP KMS, Azure Key Vault) or a customer-provided HSM on Enterprise.

  • Role-based access control

    Granular roles for admin, operator, designer, and customer-service users. Permissions cover orders, designs, templates, pricing, and reporting independently.

  • Audit log

    Every administrative action — pricing change, template edit, refund, configuration update — captured in an append-only audit log with actor + timestamp + diff.

  • SSO on Enterprise

    SAML 2.0 and OIDC supported for the admin panel. Works with Okta, Azure AD, Google Workspace, Auth0, and any standards-compliant IdP.

  • Backups + recovery

    Daily snapshots with 7-day point-in-time recovery on managed deployments. Self-hosted operators control their own RPO/RTO via their cloud provider tools.

  • WAF + rate limiting

    Web application firewall + per-IP rate limiting on the customer-facing storefront. Form endpoints have honeypot + timestamp checks against scripted submissions.

  • Security review per release

    Each major release ships with an internal security review. Independent third-party reviews are commissioned annually and available under NDA.

Compliance

Where we stand on standards

GDPR + DPDP aligned

PrintIntegrator processes personal data only as needed to deliver the service you've configured. Data processing addenda available on request. EU and India data residency supported at install. Customers control retention, deletion, and export workflows from the admin panel.

SOC 2 readiness

Managed deployments operate against SOC 2 Type II–aligned controls. The formal Type II audit is on the roadmap; the readiness report and current control inventory are available to enterprise prospects under NDA.

Need a specific certification or framework (ISO 27001, HIPAA, PCI scope reduction)? Talk to us — most asks fit within the existing self-hosted model where the customer's own compliance posture extends to the deployment.

Incident response

If something goes wrong

Reporting

Security disclosures go to security@printintegrator.com. We respond within one business day and triage immediately.

Customer notification

On managed deployments, affected customers receive an initial notification within 72 hours of a confirmed incident, followed by a full post-mortem once the investigation completes.

Responsible disclosure

We welcome security research. Researchers who follow industry-standard coordinated-vulnerability-disclosure norms are acknowledged in our hall of fame on request.

Need a security review before signing?

We send the control inventory, data-flow diagram, and our incident-response runbook under NDA. Most procurement teams clear us in a single review cycle.