PII Policy
Customer Data Protection And Handling
Last Updated: 8/21/2023
We are committed to protecting personally identifiable information (PII) and other sensitive customer data. We have implemented multiple layers of security to ensure customer information’s confidentiality, integrity, and availability.
Data Protection Measures:
- Encryption at Rest and in Transit:All PII is encrypted using AES256 at rest and TLS 1.2+ for data in transit to prevent unauthorized access.
- Access Controls & Least Privilege Principle:We enforce strict role-based access controls (RBAC) and multi-factor authentication (MFA) to ensure that only authorized personnel with a legitimate need can access sensitive data.
- Data Tokenization:Where possible, we replace sensitive data elements with unique tokens, reducing the risk of exposure in case of authorized access.
- Anonymization & Masking:Customer data that does not require storage in its raw form is anonymized or masked to limit exposure
- Logging & Monitoring:We maintain continuous security monitoring with real-time alerts for unauthorized access attempts, data anomalies, or suspicious activity.
- Data Retention & Minimization:We retain customer data only for as long as necessary (to date we have kept necessary data 180 days) to fulfill transactional, legal, or regulatory obligations, reducing unnecessary risk.
For inquiries, contact iRewardify
Note: iRewardify's policies and procedures are subject to change with prior notice. We are committed to keeping our clients informed and will provide timely notifications regarding any updates or modifications. Our goal is to ensure transparency and maintain compliance with industry standards while continuously improving our services.
