top of page

Data Protection

Guest data protection is at the centre of what we do and why security is a priority for us

Data Protection Certifications

Our systems are secured with industry best practices and certifications. Our details can be found on Singapore’s Info-comm Ministry website    

ISO Certified


Being ISO 9001 and 27001 certified, our solutions incorporate security processes to identify, assess,  treat and monitor information security risks

Security Procedures & Mechanisms 

Whether by internal teams or external auditors, be rest assured that any Data Protection Audit will be a success, with detailed policies in place which can be dispatched for review     

Operational Security

As an organisation, we are ISO 27001 certified which means that we have implemented security processes into every facet of our operations to identify and assess as well as treat and monitor information security risks. Moreover, our ISO 27001 certification requires us to have periodic external audits to improve our security posture through a process of continuous improvement

Data Protection

We have implemented data protection policies and practices to safeguard personal data and have obtained Data Protection Trustmark (DPTM) certification in line with Singapore’s PDPA legislation and are further undergoing Privacy Recognition for Processors (PRP) certification under the auspices of Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CPBR)

Cloud Security

Our cloud-based systems use Amazon Web Services (AWS). All stored and transferred data is encrypted. All data is safely stored and backed up on servers that follow SSAE reporting standards. Systems are DDoS protected. Cloud systems are constantly monitored


We put your organisation on the fast-track to zero trust by securing systems with 2FA via OTP (email or SMS). Besides 2FA, we have also implemented passwordless authentication which enables users to authenticate via face verification as well as their Passports & Identity Cards

Vulnerability Management

As part of our monitoring procedures, we run periodic vulnerability scans against our production environments to minimise the risk of any sensitive data from becoming inadvertently exposed. On request, we also engage external penetration testers to conduct VAPT assessments at any point

Access Control

Administrative sharing controls let you decide who on your organisation has access to our systems. Multiple users can be allocated with different roles with tiered access.  Additionally, we provide SSO and MFA options for organisations to secure accounts

BackUp & Recovery

Our infrastructure is designed to provide stability, minimise service disruption and provide elastic scaling to meet higher transactions as demands grow. To ensure high availability, we have implemented redundancy and load balancing as part of our cloud infrastructure and automatically backup databases daily

PCI DSS certification

We are compliant as per Payment Card Industry Data Security Standard (PCI DSS) standards. Besides security and encryption protocols, sensitive card data is truncated, tokenised or hashed as the case may be and is securely transmitted to the payment gateway for processing transactions


We keep our data secure both in transit and at rest. To protect data in transit, we use TLS/SSL encryption. At rest, content is protected using AES256 encryption


It’s Easy to Get Started

Looking to implement robust systems with a focus on data protection and security? Contact us to get started

bottom of page