At HotWax Commerce, we prioritize the security, privacy, and reliability of our customers' data.
At HotWax Commerce, we prioritize the security, privacy, and reliability of our customers' data.
Data Center Security
HotWax Commerce leverages Amazon Web Services (AWS) in the United States for data hosting, ensuring that your data resides in secure, high-performance servers. AWS data centers comply with stringent physical security standards and are regularly audited to meet ISO/IEC 27001 and SOC 2 requirements. HotWax’s alignment with AWS’s SOC 2 compliance guarantees data center security as part of our infrastructure.
Office Security
Our offices maintain strict access control policies. Entry is monitored by reception staff, who also manage visitor registration and escorting. Premises entry is authenticated using a combination of physical security services and a digital system, such as a punch-in/out machine, ensuring secure login for employees.
Certain areas within the office are secured with locked zones, and server rooms are accessible only through an automated locking system, limiting access to authorized individuals. These measures ensure a secure working environment and protect sensitive areas.
HotWax Commerce platform operates within a highly controlled network environment. All customer data is stored in private environments inaccessible to external parties. A bastion machine serves as the single, secure entry point to access private systems. This machine is configured to allow connections only from specific IP addresses and is accessible exclusively to authorized users using key-based authentication. Comprehensive session tracking ensures accountability by recording login activities and monitoring user actions.
The bastion machine also features robust security groups to tightly control access permissions. This setup ensures that only users with explicit authorization can interact with the private environment, safeguarding sensitive data.
HotWax Commerce implements a multi-layered approach to secure its platform and protect user data. Our cloud-based platform ensures end-to-end encryption through HTTPS/TLS 1.2 standards, safeguarding data both in transit and at rest. Firewalls and Web Application Firewalls (WAF) actively control and monitor access, filtering out malicious traffic and mitigating unauthorized activities.
Access control is strictly enforced through role-based permissions, allowing different access levels for administrators and regular users. Single Sign-On (SSO) streamlines secure login processes while maintaining tight control over access permissions. Additionally, Two-Factor Authentication (2FA) is implemented across all application levels, ensuring that only authorized users can log in based on their assigned roles.
To maintain platform integrity, HotWax Commerce conducts quarterly penetration tests and regular vulnerability assessments. Any identified risks are promptly addressed, ensuring a secure environment for all users.
HotWax Commerce implements a two-fold strategy to ensure uninterrupted service and data accessibility, even in adverse conditions. This approach combines real-time data replicas, automated daily backups, and manual backups to maintain data integrity and minimize downtime.
Real-time Data Replicas
We maintain real-time replicas of data to support disaster recovery efforts. These replicas provide immediate availability, allowing the system to continue functioning seamlessly during unexpected events.
Automated Daily Backups
Daily automated backups are conducted at scheduled intervals and securely stored in isolated environments, ensuring efficient recovery in case of disruptions.
This two-fold strategy is further strengthened by geo redundancy, with resources distributed across separate environments in the East and West regions. This design ensures resilience and operational continuity, even in the face of significant disruptions.
HotWax Commerce fosters a culture of security awareness among its employees. Regular training sessions educate team members on best practices, emerging threats, and the importance of data protection. All employees sign Non-Disclosure Agreements (NDAs) as part of their onboarding process and undergo background checks to ensure integrity and accountability. These measures reinforce our commitment to maintaining the highest standards of data security.
HotWax Commerce’s operations are guided by well-documented policies and procedures designed to uphold security and efficiency. These policies cover change management, incident response, and regular audits, ensuring that all operational activities align with industry standards and customer expectations.
HotWax Commerce’s operations are guided by well-documented policies and procedures designed to uphold security and efficiency. These policies cover change management, incident response, and regular audits, ensuring that all operational activities align with industry standards and customer expectations.
At HotWax Commerce, we understand the importance of trust. By combining robust security practices with a proactive approach to compliance and operational resilience, we deliver a platform you can rely on to safeguard your business data.
If you have additional questions about our privacy and security practices, please reach out to our team at info@hotwax.co. We’re here to address any concerns and provide further details on how we safeguard your data.
HotWax Commerce offers several options for fulfilling store pickup orders:
A. HotWax Commerce BOPIS Fulfillment App: A stand-alone mobile app for retailers who are open to using third-party apps to fulfill BOPIS orders from stores.
B. In-house Custom POS Application: For retailers who prefer not to use third-party apps and want to avoid additional training for store associates, HotWax Commerce offers APIs for reading and fulfilling store pickup orders. Retailers' tech teams can use these APIs to develop custom applications within their existing POS systems.
C. Shopify POS BOPIS Fulfillment App: For retailers using Shopify POS, we provide a "Store Pick-Up" application that integrates with Shopify POS. Store associates can view and fulfill store pickup orders assigned to their stores.
Once BOPIS orders are fulfilled, HotWax Commerce syncs the information back to eCommerce, marking the order as completed.
Yes, HotWax Commerce can push orders to POS using APIs provided by the POS system. If POS does not offer APIs, orders can be placed in CSV format on a designated SFTP location for the POS system to access.
HotWax Commerce downloads payment method and order status information and syncs these with POS. However, payment processing and capturing are managed in eCommerce, as the transactions are online sales.
HotWax Commerce can display an estimated pickup date by determining the nearest stores or warehouses with inventory and the time required to transfer the product to the selected store. If the customer places a store pickup order, HotWax Commerce initiates a "ship-to-store" process and creates a transfer order in the POS/warehouse system. The transfer order status can be synced from POS/warehouse system to HotWax Commerce.
HotWax Commerce BOPIS Fulfillment App and APIs allow Store Associates to change the order's delivery mode from “Store Pick-Up” to “Delivery.” Associates can consult with customers and modify the delivery mode if approved, routing the order to the nearest store or warehouse.
Alternatively, associates can use the HotWax Commerce BOPIS Fulfillment App to send an email to customers, informing them of the product's unavailability and providing alternative pickup options.