XPay is committed to maintaining the highest standards of information security. This policy outlines our approach to protecting your data.
XPay is committed to protecting the confidentiality, integrity, and availability of all information assets. Our Information Security Management System (ISMS) is designed to safeguard customer data, transaction information, and system infrastructure against unauthorized access, disclosure, alteration, and destruction.
This ISMS policy applies to all employees, contractors, partners, and third-party service providers who access or process information on behalf of XPay. It covers all systems, networks, applications, and data repositories used in the delivery of our services.
All information assets are classified based on sensitivity and criticality. Access to data is granted on a need-to-know basis using role-based access controls (RBAC). Multi-factor authentication (MFA) is enforced for all administrative access. Access rights are reviewed quarterly and revoked immediately upon termination of employment or contract.
All data in transit is protected using TLS 1.2+ encryption. Sensitive data at rest is encrypted using AES-256. Personally identifiable information (PII) and financial data are subject to additional protection measures, including tokenization and field-level encryption where applicable.
XPay maintains a documented incident response plan to detect, respond to, and recover from security incidents. The plan includes clear escalation procedures, communication protocols, and post-incident review processes. All security incidents are logged, investigated, and reported to relevant authorities as required by law.
We maintain business continuity and disaster recovery (BC/DR) plans to ensure the availability of critical systems in the event of a disruption. Systems are backed up regularly, and recovery procedures are tested at least annually to verify effectiveness.
All third-party service providers who process data on behalf of XPay are subject to security assessments, contractual data protection obligations, and regular audits. We ensure that our vendors maintain security standards consistent with our ISMS.
Our ISMS is subject to regular internal and external audits to ensure compliance with applicable standards and regulations. XPay is committed to continuous improvement of our security posture through regular risk assessments, penetration testing, and security awareness training for all personnel.