We are committed to ensuring the confidentiality, integrity, and availability of customer, merchant, partner, and company information. This Data Protection & Information Security Policy outlines our security practices, compliance standards, and operational guidelines for protecting sensitive information.
Our practices are designed to ensure compliance, trust, and security for all stakeholders in accordance with relevant laws, regulations, and industry standards.
4. Access Management
Access to systems, platforms, databases, and customer information is restricted to authorized personnel only.
Access management practices include:
- Role-based access control (RBAC)
- Multi-factor authentication (MFA)
- Restricting access to sensitive data
- Monitoring user access logs
- Regular review of access privileges
- Terminating access immediately upon termination of employment
Employees and authorized personnel must follow security guidelines when accessing company systems.
6. Data Retention
Personal and transaction data is retained only for as long as necessary to:
- Deliver services
- Fulfill legal and regulatory obligations
- Resolve disputes
- Secure business records
- Prevent fraud and abuse
Once the retention period expires, data may be securely deleted, archived, anonymized, or destroyed in accordance with applicable laws and company standards.
7. Vendor Security
We work with third-party vendors, service providers, and partners who implement security measures to support our operations.
Vendors must meet our security standards, including:
- Adequate security certifications
- Data confidentiality compliance
- Compliance with local data protection laws
- Secure integration practices
- Incident reporting and communication protocols
We review vendor security practices periodically to ensure alignment with security standards.
8. Secure API Handling
We implement security controls for APIs, integrations, and digital communication used in our platform and services.
API security practices include:
- Secure authentication and authorization
- Data encryption in transit
- Rate limiting and request filtering
- Regular security testing
- Vulnerability patching
- Monitoring API traffic
Unauthorized API usage, abuse, or malicious activity may lead to immediate access restriction or legal action.
9. Incident Reporting & Security Response
We maintain incident response procedures to identify, investigate, manage, and report potential security incidents.
Security response plans include:
- Detection and analysis of security threats
- Immediate containment measures
- Investigation of affected systems
- Reporting and notification procedures
- Post-incident analysis and improvements
- Coordination with regulatory authorities when required
We continuously improve our security response processes to minimize risks and operational disruptions.
10. Employee Compliance & Responsibility
Employees, contractors, and authorized personnel are expected to follow company security policies and confidentiality obligations.
Security compliance requirements include:
- Adhering to security guidelines
- Reporting suspicious activities
- Maintaining strong credentials
- Secure data handling practices
- Cooperating with security audits
Failure to comply with company security standards may result in disciplinary action, termination of access, and legal consequences.
11. Compliance & Legal Requirements
We strive to comply with applicable data protection, cybersecurity, and technology requirement standards set by regulatory authorities.
The company may cooperate with law enforcement agencies, regulators, and authorized bodies where legally required.
GateXpay Technologies Private Limited
412, Sumer Nagar, Mansarovar, Jaipur, Rajasthan – 302020
Email: info@gatexpay.in