Keeping data secure, confidential, and readily accessible are our greatest priorities.
Passport’s cybersecurity program is based on the concept of Defense in Depth: securing our organization and your data at every layer.
Our cybersecurity program aligns with the NIST Cybersecurity Framework, and Passport is SOC 2 compliant and PCI DSS Level 1 merchant and service provider certified.
While no system can guard against every potential threat, Passport’s defensive line is monitored 24/7, 365 days a year by skilled, highly trained professionals.
Passport’s cybersecurity team, led by our Chief Information Security Officer (CISO), is responsible for the implementation and management of our cybersecurity program. The CISO is supported by the members of Passport’s engineering and product teams and is enabled by our Executive Leadership team.
The focus of Passport’s cybersecurity program is to prevent unauthorized access to customer data. To this end, our team of dedicated cybersecurity practitioners, working in partnership with peers across the company, take specific steps to identify and mitigate risks, implement best practices, and continuously develop ways to improve.
Documents
Knowledge Base (FAQ)
Trust & Security Center Updates
We are happy to announce that Passport's 2023 SOC 1 and SOC 2 reports are now finalized and live! Please check each card above to download the latest reports.
Our 2023 SOC 1 & 2 certifications were issued in February, 2024. These reports are our current and most recent audit results. Our next audit, for the 2024 review period, will be conducted in Q4 of 2024 and estimated for release in February, 2025.
We are happy to announce that Passport's 2023 PCI reports are now finalized and live! Please check the cards above to download the latest reports.
Passport works with municipalities across the US and Canada to provide cashless, digital parking solutions.
Our mobile parking solution asks for the following personal information when creating an account to pay for parking:
- First and Last name
- Phone number
- Email address
- License plate number
- Vehicle Make and Model
- State / Province
Passport’s mobile parking solution does not capture other information about the user. Passport does request access to details about the phone being used so that we can track mobile device and OS details. For example, we capture data about Android vs Apple mobile device utilization, and within each of those device categories, we are interested in the version of OS used. This helps us ensure our app testing and rollout strategy is informed by and aligned with realities of end-user phone adoption.
As a municipal mobile parking solution, Passport only tracks the space or zone # that someone parked in, along with the date that the parking transaction occurred. This information is absolutely necessary to maintain as it relates to a municipality's ability to enforce parking, whether Passport is the provider of enforcement software for a city, or if that software is provided by another company. Anytime that a citizen is parking, there will be a corresponding need to enforce if that parking violates timeframes or rules defined by a city or private operators in that city.
It is important to note that, beyond the information outlined above, Passport does not capture additional information about end-users and does not share or sell that information with third parties for commercial or marketing purposes. We do not "mine” or “glean” other data from our application.
Passport works on behalf of the municipalities in which we work and the data captured by our solutions are used for providing mobile parking solutions and are not a source of additional marketing or commercial activity by Passport.
This is also outlined in Passport’s Privacy Policy.
If you think you may have discovered a vulnerability, please send us a note.