Data Protection

As an organisation, we are ISO 27001 certified which means that we have implemented security processes into every facet of our operations to identify and assess as well as treat and monitor information security risks. Moreover, our ISO 27001 certification requires us to have periodic external audits to improve our security posture through a process of continuous improvement

We have implemented data protection policies and practices to safeguard personal data and have obtained Data Protection Trustmark (DPTM) certification in line with Singapore’s PDPA legislation and are further undergoing Privacy Recognition for Processors (PRP) certification under the auspices of Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CPBR)

Our cloud-based systems use Amazon Web Services (AWS). All stored and transferred data is encrypted. All data is safely stored and backed up on servers that follow SSAE reporting standards. Systems are DDoS protected. Cloud systems are constantly monitored

We put your organisation on the fast-track to zero trust by securing systems with 2FA via OTP (email or SMS). Besides 2FA, we have also implemented passwordless authentication which enables users to authenticate via face verification as well as their Passports & Identity Cards

As part of our monitoring procedures, we run periodic vulnerability scans against our production environments to minimise the risk of any sensitive data from becoming inadvertently exposed. On request, we also engage external penetration testers to conduct VAPT assessments at any point

Administrative sharing controls let you decide who on your organisation has access to our systems. Multiple users can be allocated with different roles with tiered access.  Additionally, we provide SSO and MFA options for organisations to secure accounts

Our infrastructure is designed to provide stability, minimise service disruption and provide elastic scaling to meet higher transactions as demands grow. To ensure high availability, we have implemented redundancy and load balancing as part of our cloud infrastructure and automatically backup databases daily

We are compliant as per Payment Card Industry Data Security Standard (PCI DSS) standards. Besides security and encryption protocols, sensitive card data is truncated, tokenised or hashed as the case may be and is securely transmitted to the payment gateway for processing transactions

We keep our data secure both in transit and at rest. To protect data in transit, we use TLS/SSL encryption. At rest, content is protected using AES256 encryption