Comprehensive security framework for protecting user data and QR rewards operations
Security is our top priority!
At EkRewards, we are committed to maintaining the highest standards of security for our platform, user data, and QR rewards operations. Our comprehensive security program ensures robust protection through continuous monitoring, advanced technologies, and rigorous security practices.
This Security Program outlines our approach to safeguarding digital assets, protecting user information, and maintaining the integrity of our rewards and recognition platform. We implement multi-layered security measures to prevent, detect, and respond to potential security threats.
We are committed to security excellence. If you have any security concerns or questions about our security practices, please contact us at security@ekrewards.com.
Our security program is built on a comprehensive framework that addresses all aspects of information security:
We maintain an Information Security Management System (ISMS) that follows industry best practices and international standards. Our security policies and procedures are regularly reviewed and updated to address emerging threats and changing business requirements.
Regular risk assessments are conducted to identify potential security vulnerabilities and threats. We implement appropriate controls and mitigation strategies to address identified risks and maintain an acceptable risk posture.
We implement layered security controls including preventive, detective, and corrective measures. Our controls cover technical, administrative, and physical security aspects to provide comprehensive protection.
Our network infrastructure is protected by multiple layers of security including firewalls, intrusion detection/prevention systems, and network segmentation. We regularly monitor network traffic for suspicious activities and potential threats.
We follow secure software development lifecycle practices, including code reviews, vulnerability assessments, and penetration testing. All applications undergo rigorous security testing before deployment to production environments.
All sensitive data is encrypted both in transit and at rest. We use industry-standard encryption protocols including TLS 1.2+ for data transmission and AES-256 encryption for data storage.
We implement the principle of least privilege for all system access. Multi-factor authentication is required for administrative access, and role-based access controls ensure users only have access to the resources necessary for their roles.
We maintain comprehensive logging and monitoring systems that track security events across our infrastructure. Security Information and Event Management (SIEM) systems analyze logs in real-time to detect potential security incidents.
Our incident response team follows established procedures to quickly identify, contain, and remediate security incidents. We maintain an incident response plan that is regularly tested and updated.
We have business continuity and disaster recovery plans in place to ensure service availability during unexpected events. Regular backups and recovery procedures are tested to verify their effectiveness.
Our security program is designed to comply with relevant data protection regulations including GDPR, CCPA/CPRA, and Indian data protection laws. We regularly review our practices to ensure ongoing compliance with evolving regulatory requirements.
We follow industry-recognized security standards and frameworks including ISO 27001, NIST Cybersecurity Framework, and OWASP guidelines. Our security controls are aligned with these standards to ensure comprehensive protection.
We conduct security assessments of third-party vendors and service providers to ensure they meet our security standards. Contracts with third parties include security requirements and data protection obligations.
All employees undergo regular security awareness training covering topics such as phishing awareness, password security, data handling, and incident reporting. Security is integrated into our company culture.
We maintain comprehensive security policies that are regularly communicated to all employees. These policies cover acceptable use, data classification, access control, and other critical security areas.
Our security program is continuously evaluated and improved based on emerging threats, technological changes, and lessons learned from security incidents. We conduct regular security reviews and assessments.
We maintain a comprehensive vulnerability management program that includes regular scanning, assessment, and remediation of security vulnerabilities. Critical vulnerabilities are prioritized for immediate remediation.
Regular penetration testing is conducted by internal security teams and independent third-party assessors. Testing covers applications, networks, and infrastructure to identify potential security weaknesses.
We conduct regular internal and external security audits to assess the effectiveness of our security controls. Audit findings are used to drive continuous improvement of our security program.
For security-related inquiries, concerns, or to report potential security issues, please contact our security team:
Security Team Contact:
Email: security@ekrewards.com
Response Time: Within 24 hours for initial response
For urgent security matters, please include "URGENT" in the subject line.
This Security Program is reviewed and updated regularly to reflect changes in technology, threats, and business requirements. Significant updates will be communicated through appropriate channels.
Last reviewed: October 2023
Next scheduled review: April 2024