Manage My Market – Security & Data Protection Overview

Manage My Market treats security as a core product feature — not a checkbox.

Farmers’ markets trust us to handle sensitive applications, documents, payments, and vendor information. Because of this responsibility, we built our platform using the same security standards adopted by high-growth SaaS companies and financial technology providers.

Our approach is straightforward: protect every layer of the system. We use Amazon Web Services (AWS) for secure, world-class infrastructure; rely exclusively on PCI-DSS Level 1 certified payment processors; never store financial information on our own servers; encrypt all data; and maintain continuous monitoring across the platform.

This level of investment clearly differentiates us from competitors. Market managers can operate with confidence, knowing their systems, documents, and payments are protected end-to-end.

Table of Contents

1. AWS Infrastructure Security
2. PCI Compliance & Payment Security
3. Data Encryption & Privacy
4. Application-Level Security
5. Monitoring, Logging & Incident Response
6. Ongoing Security Commitment

1. AWS Infrastructure Security

Manage My Market is hosted on Amazon Web Services (AWS), giving us access to world-class physical, network, and operational security. AWS maintains independent certifications such as SOC 1, SOC 2, SOC 3, ISO 27001, and PCI DSS. By building on AWS, we inherit a hardened, highly available infrastructure that supports secure, always-on access for markets and vendors.

AWS data centers provide:

Physically secure, professionally managed facilities
Redundant power, networking, and environmental controls
Continuous monitoring and logging at the infrastructure level
Regular security updates to host systems and services

This foundation allows Manage My Market to focus on application-level security, knowing the underlying infrastructure is maintained to rigorous industry standards.

2. PCI Compliance & Payment Security

Manage My Market follows strict PCI-DSS (Payment Card Industry Data Security Standard) practices by design. A key principle of our security model is that we do not store financial card data on our servers.

Instead, all card payments are processed through PCI-DSS Level 1 certified providers:

Stripe
Square
PayPal

These providers handle card numbers, CVVs, and bank details. Manage My Market only receives tokens and transaction identifiers needed to confirm payments and associate them with invoices. This design significantly reduces risk by ensuring sensitive financial data never resides inside the Manage My Market application or database.

Benefits of this model include:

Reduced attack surface for financial data
Alignment with payment industry best practices
Independent certification and audits handled by the payment processors

3. Data Encryption & Privacy

All communication between users and Manage My Market is encrypted in transit using HTTPS/TLS, preventing eavesdropping or tampering as data flows across the internet. Within our environment, sensitive data is encrypted at rest using strong encryption standards (such as AES-256), protecting it in case of hardware loss or unauthorized access to storage.

We also apply strict privacy and access controls:

Vendor and market data is never sold or shared with third parties for marketing purposes.
Access to production systems is limited to authorized team members who require it for support and operations.
Access is logged and auditable to support monitoring and review.

Our goal is to ensure that market and vendor data is both secure and handled in a respectful, privacy-aware manner.

4. Application-Level Security

Beyond infrastructure and payments, Manage My Market is built with application-level security in mind:

Account Protection: Passwords are stored using secure cryptographic hashing and salting techniques. We apply basic protections against brute-force login attempts and suspicious activity.
Role-Based Access: Market managers, staff, and vendors see only the data that is relevant to their roles. Administrative interfaces are restricted.
Secure Development Practices: We incorporate code review, dependency management, and security-aware development practices to reduce vulnerabilities before they reach production.

These measures help ensure that the application itself is aligned with best practices for modern SaaS platforms.

5. Monitoring, Logging & Incident Response

Manage My Market employs monitoring and logging across key parts of the system to detect unusual behavior and support effective troubleshooting.

Our approach includes:

Application and infrastructure-level metrics and alerts
Centralized logging of important events
Regular review of patterns that might indicate abuse or misuse

If an issue is identified, we follow a structured incident response process that includes containment, investigation, customer communication (where appropriate), and remediation steps. Our aim is to minimize impact and restore normal operations quickly.

6. Ongoing Security Commitment

Security is not a single project or feature — it is an ongoing discipline. Manage My Market continually invests in improving our security posture over time.

Examples of ongoing efforts include:

Regular software updates and patching
Review of cloud configuration and access controls
Monitoring changes to AWS and payment processor best practices
Iterative improvements to logging, monitoring, and alerting

As our platform evolves, we treat security as a core requirement for every new capability. Our goal is not just to “be secure enough,” but to provide a level of protection that lets farmers’ markets run confidently on Manage My Market for the long term.