Data Protection
Guest data protection is at the centre of what we do and why security is a priority for us
Data Protection Certifications
Our systems are secured with industry best practices and certifications. Our details can be found on Singapore’s Info-comm Ministry website
Security Procedures & Mechanisms
Whether by internal teams or external auditors, be rest assured that any Data Protection Audit will be a success, with detailed policies in place which can be dispatched for review
Operational Security
As an organisation, we are ISO 27001 certified which means that we have implemented security processes into every facet of our operations to identify and assess as well as treat and monitor information security risks. Moreover, our ISO 27001 certification requires us to have periodic external audits to improve our security posture through a process of continuous improvement
Data Protection
We have implemented data protection policies and practices to safeguard personal data and have obtained Data Protection Trustmark (DPTM) certification in line with Singapore’s PDPA legislation and are further undergoing Privacy Recognition for Processors (PRP) certification under the auspices of Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CPBR)
Cloud Security
Our cloud-based systems use Amazon Web Services (AWS). All stored and transferred data is encrypted. All data is safely stored and backed up on servers that follow SSAE reporting standards. Systems are DDoS protected. Cloud systems are constantly monitored
2FA
We put your organisation on the fast-track to zero trust by securing systems with 2FA via OTP (email or SMS). Besides 2FA, we have also implemented passwordless authentication which enables users to authenticate via face verification as well as their Passports & Identity Cards
Vulnerability Management
As part of our monitoring procedures, we run periodic vulnerability scans against our production environments to minimise the risk of any sensitive data from becoming inadvertently exposed. On request, we also engage external penetration testers to conduct VAPT assessments at any point
Access Control
Administrative sharing controls let you decide who on your organisation has access to our systems. Multiple users can be allocated with different roles with tiered access. Additionally, we provide SSO and MFA options for organisations to secure accounts
BackUp & Recovery
Our infrastructure is designed to provide stability, minimise service disruption and provide elastic scaling to meet higher transactions as demands grow. To ensure high availability, we have implemented redundancy and load balancing as part of our cloud infrastructure and automatically backup databases daily
PCI DSS certification
We are compliant as per Payment Card Industry Data Security Standard (PCI DSS) standards. Besides security and encryption protocols, sensitive card data is truncated, tokenised or hashed as the case may be and is securely transmitted to the payment gateway for processing transactions
Encryption
We keep our data secure both in transit and at rest. To protect data in transit, we use TLS/SSL encryption. At rest, content is protected using AES256 encryption
​It’s Easy to Get Started
Looking to implement robust systems with a focus on data protection and security? Contact us to get started