Top

Security Guidelines

Data Protection Policy

Effective Date: October 5, 2023

Introduction

The purpose of this policy is to articulate the data protection procedures that Pursaa Financial Services Ltd (hereafter referred to as "Pursaa") will rigorously adhere to in order to achieve full compliance with relevant international laws and regulations, including the General Data Protection Regulation (GDPR). At Pursaa, we are unwavering in our commitment to safeguarding the privacy and security of our customers' personal information.

Data Collection and Use

Pursaa recognizes the essential need to collect personal information from our customers to facilitate the delivery of our services. This personal information may encompass data such as names, addresses, dates of birth, government-issued identification documents, and other pertinent details. Pursaa will solely collect and employ personal information for the specific purposes for which it was gathered. We will never disclose this information to third parties without the explicit consent of the customer, except when mandated by applicable law.

Security Guidelines

In line with our commitment to data protection, Pursaa adheres to a set of comprehensive security guidelines across multiple programming languages and technologies, including Dart, YAML, Java, Kotlin, .plist, Swift, JavaScript (JS), CSS, Sass, PHP, HTML, and Flutter. These guidelines encompass:

Input Validation and Sanitization:

  • Implementation of thorough input validation and sanitization procedures to prevent SQL injection, cross-site scripting (XSS), and other injection attacks.

Authentication and Authorization:

  • Employment of strong authentication methods, including multi-factor authentication (MFA) where appropriate.
  • Implementation of role-based access control (RBAC) to ensure the principle of least privilege.

Secure Data Storage:

  • Encryption of sensitive data at rest and during transmission.
  • Usage of industry-standard encryption algorithms and hashing methods for password and sensitive information storage.

Session Management:

  • Implementation of secure session management mechanisms to thwart session fixation and session hijacking.
  • Deployment of secure tokens or session cookies with HttpOnly and Secure flags enabled.

Cross-Site Request Forgery (CSRF) Protection:

  • Implementation of anti-CSRF tokens to guarantee the legitimacy of all requests.

Cross-Origin Resource Sharing (CORS):

  • Configuration of CORS headers to restrict resource access to authorized domains.

Security Headers:

  • Utilization of security headers such as Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), and X-Content-Type-Options.

Secure File Uploads:

  • Strict control of file uploads to prevent malicious file uploads.
  • Validation of file types, size restrictions, and secure storage of uploaded files.

These security guidelines, spanning various programming languages and technologies, collectively ensure the robust protection of our customers' personal information.

Data Security

To ensure the utmost protection of our customers' personal information, Pursaa will implement robust technical and organizational measures. These measures may encompass encryption, firewalls, stringent access controls, and other appropriate security protocols. Our commitment to data security is unwavering, and we are dedicated to preventing unauthorized access, usage, or disclosure of personal information.

Data Retention

Pursaa will retain personal information only for the duration required to fulfill the purposes for which it was originally collected, or as dictated by prevailing legal requirements. Once personal information is no longer necessary, Pursaa will securely dispose of it or render it anonymous to ensure it cannot be traced back to an individual.

Data Subject Rights

Pursaa fully acknowledges and respects the data subject rights of our customers, as outlined in the original policy.

Last Updated: October 5, 2023.

These integrated security guidelines enhance our commitment to safeguarding personal information while maintaining compliance with data protection regulations. Pursaa will continually review and update its policies and procedures to ensure that we are meeting our legal and ethical obligations. By implementing these measures, we are confident that we can protect our customers' personal information and maintain their trust in our services. For more comprehensive information, please refer to our Privacy Policy.