Policy Objective and Scope
This policy defines how PAYOTRIX ensures protection of data—including personal, merchant, system, and infrastructure data—across all platforms: website, dashboards, APIs, backup systems, and archives. It applies to all employees, contractors, subprocessors, and third-party vendors. It meets the requirements of ISO 27001, SOC 2, the IT Act SPDI Rules, RBI guidelines, and the GDPR.
All data handled by PAYOTRIX is classified based on sensitivity:
Public: marketing content
Internal: configuration files, non-sensitive logs
Confidential: KYC, personal identifiers
Restricted: metadata tied to redirection events
Security controls vary per classification, applying stricter measures on sensitive data. Classification is reviewed bi-annually or when new systems are added.
All communications—including web dashboards, APIs, backend services, inter-datacenter transfers—are protected using TLS 1.2 or higher. Strong cipher suites, such as those using AES-GCM, are enforced. Self-signed certificates are disallowed. Certificate expiration and integrity are monitored via Certificate Transparency services.
All stored data—database dumps, KYC files, logs—is encrypted using AES-256 with unique keys per storage unit. Encryption is managed by key management services with automatic rotation every 90 days. Old keys are archived securely and destroyed per the deprecation schedule.
PAYOTRIX uses Role-Based Access Control (RBAC). Employees and systems are granted least privilege access. Admin credentials are stored using hardware-secured modules and rotated every quarter. Temporary access tokens expire within 12 hours.
MFA is mandatory for all administrative, developer, and privileged accounts, delivered via TOTP authenticator codes or one-time codes sent over outbound channels. All login attempts are logged; repeated failures trigger temporary blocking and login throttling.
All user accounts must meet password complexity standards: 14+ characters including mixed case, symbols, and numbers. Passwords are hashed using Argon2 or PBKDF2. Users are prompted to change passwords every 90 days, and the reuse of the last 5 passwords is prevented.
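The password rules above (14+ characters across four character classes, PBKDF2 hashing, no reuse of the last 5 passwords) as one enforcement routine. This is an added illustration, not PAYOTRIX's own code; it uses the standard-library PBKDF2-HMAC-SHA256 rather than Argon2, and the iteration count is an assumption the page does not state.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 14          # page: 14+ characters
HISTORY_SIZE = 5         # page: no reuse of the last 5 passwords
PBKDF2_ITERATIONS = 210_000  # assumption: not stated on the page; tune to OWASP guidance

def meets_complexity(password):
    # 14+ characters with upper case, lower case, digit and symbol all present
    return (len(password) >= MIN_LENGTH
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))

def hash_password(password, salt=None):
    # PBKDF2-HMAC-SHA256 with a random 16-byte salt, stored as "salt$digest" (hex)
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored):
    # recompute with the stored salt and compare in constant time
    salt_hex = stored.split("$", 1)[0]
    return hmac.compare_digest(hash_password(password, bytes.fromhex(salt_hex)), stored)

def rejection_reason(history, new_password):
    # history: the user's stored hashes, oldest first; only the last HISTORY_SIZE
    # entries are checked. Returns None if accepted, else "complexity" or "reuse".
    if not meets_complexity(new_password):
        return "complexity"
    if any(verify_password(new_password, h) for h in history[-HISTORY_SIZE:]):
        return "reuse"
    return None

def set_password(history, new_password):
    # append the new hash to the history, or raise if the policy rejects it
    reason = rejection_reason(history, new_password)
    if reason:
        raise ValueError("password rejected: " + reason)
    return history + [hash_password(new_password)]
```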
PAYOTRIX's environments are segmented by VLANs, with web, application, database, and backup layers separated. Firewalls are configured to allow only the ports each layer requires. Regular port scans and penetration tests verify isolation and guard against unauthorized access.
A real-time IDS/IPS monitors for anomalies, rate-limit violations, brute-force attempts, and malicious payload patterns. Alerts are escalated to the security team within 5 minutes. Signature libraries are updated daily, and behavioral anomaly detection is active.
PAYOTRIX conducts weekly vulnerability scans and semi-annual penetration tests by accredited firms. Patches are applied within 48 hours for high severity and 7 days for medium severity. All updates are documented with remediation logs.
All development follows secure code practices. Code commits undergo static analysis, peer code reviews, and dynamic testing. Third-party libraries are assessed for vulnerabilities, and open-source components are limited to verified sources.
Full backups occur nightly and are stored encrypted off-site. PAYOTRIX regularly simulates recovery to meet an RPO of under 15 minutes and an RTO of under 24 hours. Backup integrity is validated during each backup cycle.
In the event of a breach or anomaly:
The incident is detected via IDS.
The containment plan is initiated.
Stakeholders are notified within 72 hours.
Forensics are performed and remedial patches applied.
A post-incident review is held to prevent recurrence.
All steps are recorded in an incident log, which is reviewed quarterly.
PAYOTRIX maintains an operations continuity plan, including alternate hosting readiness, DNS fallback routing, and communication templates. Simulated drills are conducted twice a year, and success metrics are evaluated.
Infrastructure resides in Tier-IV compliant data centers with multi-factor entry, biometric access, CCTV, and mantraps. Staff must use ID badges, and access logs are audited monthly. Data center access is limited to pre-approved personnel only.
Data Retention and Disposal
PAYOTRIX follows a strict retention schedule:
User metadata: retained for 5 years after account closure
Audit logs: retained for 7 years as per regulatory norms
Temporary cache & debug logs: deleted within 30 days
KYC & compliance documents: retained per RBI mandates (min. 5 years post-deactivation)
Upon expiration, data is securely wiped using DoD 5220.22-M or an equivalent protocol, and the corresponding backups are deleted at the same time. Paper records (if any) are cross-shredded.
All vendors used by PAYOTRIX (e.g., hosting providers, KYC processors) must:
Sign Data Protection Addendums (DPAs)
Be vetted for ISO 27001, PCI-DSS, or SOC 2 compliance
Undergo annual risk review and penetration testing
If a vendor fails security assessments or suffers a breach, PAYOTRIX may immediately suspend or terminate the contract and notify users if impacted.
All public and private APIs on PAYOTRIX are:
Secured via OAuth2 or signed requests
Throttled to avoid misuse (rate limiting enforced)
Monitored for abnormal patterns
Versioned and sandboxed before release
All deprecated API versions are decommissioned with public notice and retired securely to avoid misuse.
Logging systems track all critical events, including:
Login attempts
Data modification
API activity
Permission escalations
Backend failures
Logs are immutable (write-once-read-many), encrypted, and stored across multiple regions to maintain integrity and availability for audits and breach investigations.
All internal systems used by PAYOTRIX employees are protected by:
Anti-malware/EDR software
Full-disk encryption
OS-level sandboxing
Remote wipe capability
USB and external device ports are disabled on secure workstations. Employees must only access data from approved devices.
Access permissions are reviewed:
Monthly for privileged/admin accounts
Quarterly for standard users
Immediately on role change or offboarding
Inactive accounts are auto-deactivated within 30 days. Admin privileges must be re-authorized every 60 days by the CISO or Compliance Head.
PAYOTRIX’s cloud infrastructure (if used) adheres to:
Shared responsibility model
Least privilege IAM roles
Security group hardening
Auto-remediation of misconfigurations
Storage bucket privacy enforcement
All infrastructure changes are routed via CI/CD pipelines with logging and approval layers.
PAYOTRIX follows zero-trust principles:
No user or service is trusted by default
Each request is evaluated for identity, context, and privilege
Microsegmentation and real-time monitoring isolate breaches
Devices must authenticate independently
This reduces lateral movement risk in case of intrusion.
Users must explicitly consent before:
Data is stored in a persistent form (cookies/logs)
Communications are sent (marketing/transactional)
Third-party integrations are authorized
Consent is logged with a timestamp and IP for auditing. Users may modify consent through the dashboard.
Before logging or sharing data (e.g., with third-party tools or analytics), PAYOTRIX applies:
Data masking for email, phone, and IP
Tokenization of user IDs
Redaction of sensitive fields from dashboards and logs
No real PII is exposed in operational analytics or support tools.
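The masking, tokenization, and redaction steps listed above, applied to a constructed login event before it leaves for analytics. This is an added example, not PAYOTRIX's code; the tokenization key, the set of redacted field names, and the sample event are all assumptions constructed for the demo.

```python
import hashlib
import hmac
import re

TOKEN_KEY = b"constructed-demo-key-not-for-production"  # production: from the KMS
REDACT_FIELDS = {"otp", "password", "pan", "aadhaar"}  # demo assumption
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+?\d[\d -]{8,}\d")
IPV4_RE = re.compile(r"\b(\d{1,3})\.(\d{1,3})\.\d{1,3}\.\d{1,3}\b")

def mask_email(addr):
    # rahul.kumar@example.com -> r***@example.com
    local, domain = addr.split("@", 1)
    return local[0] + "***@" + domain

def mask_phone(num):
    # keep only the last four digits
    digits = re.sub(r"\D", "", num)
    return "*" * (len(digits) - 4) + digits[-4:]

def tokenize_user_id(user_id):
    # deterministic, non-reversible token so events still correlate per user
    mac = hmac.new(TOKEN_KEY, user_id.encode(), hashlib.sha256).hexdigest()
    return "usr_" + mac[:16]

def sanitize_text(text):
    # mask email, phone and IPv4 patterns inside free text such as log messages
    text = EMAIL_RE.sub(lambda m: mask_email(m.group(0)), text)
    text = PHONE_RE.sub(lambda m: mask_phone(m.group(0)), text)
    return IPV4_RE.sub(lambda m: f"{m.group(1)}.{m.group(2)}.x.x", text)

def sanitize_record(record):
    # return a copy of a flat event dict that is safe to ship to analytics
    out = {}
    for key, value in record.items():
        if key.lower() in REDACT_FIELDS:
            out[key] = "[REDACTED]"
        elif key.lower() == "user_id":
            out[key] = tokenize_user_id(str(value))
        else:
            out[key] = sanitize_text(str(value))
    return out

SAMPLE_EVENT = {  # constructed sample event, not real data
    "event": "login_success", "user_id": "u-1001",
    "email": "rahul.kumar@example.com", "phone": "+91 98765 43210",
    "source_ip": "203.0.113.42", "otp": "482913",
    "message": "login from 203.0.113.42 for rahul.kumar@example.com",
}
```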
Transactional emails are sent using verified DKIM, SPF, and DMARC standards to prevent spoofing. In-app notifications are encrypted at rest and sent via secure sockets. Notifications containing sensitive data are tokenized and expire within 24 hours.
All registered merchants are provided:
Security best practices guides
Warning labels for high-risk actions
Step-by-step KYC/document upload instructions
Phishing education during account setup
These documents are accessible via the dashboard or the help center.
Any code, infrastructure, or logic change must go through:
Peer review (via version control)
Automated test suite
Staging/QA approval
Manual security checklist validation
High-impact changes require CISO signoff and rollback plans. All change logs are archived.
If a breach affects user data:
PAYOTRIX will notify affected users within 72 hours
Provide impact analysis and mitigation actions
Notify CERT-In, RBI, or DSCI, where applicable
Temporarily suspend compromised systems and services
Breach reports are published where required by regulation or user demand.
All employee activity on user data is logged:
Time, IP, location, activity type
Limited to authorized roles only
Random spot audits by the internal compliance team
Repeat violations trigger disciplinary action or termination
Employees must agree to data confidentiality and usage policies before system access is granted.
Regulatory Compliance and Legal Obligations
PAYOTRIX adheres to data protection laws, including:
Information Technology Act, 2000 & SPDI Rules (India)
RBI Master Directions for digital platforms
GDPR (for EU-based users)
ISO/IEC 27001:2013 & SOC 2 compliance controls
All data handling practices are documented and reviewed to ensure regulatory conformity. Legal compliance officers oversee updates and audits.
Users can request their data export in a machine-readable format (JSON, CSV, or XML). PAYOTRIX will:
Verify the user’s identity
Sanitize logs before packaging
Process the request within 10 working days
Log the export for compliance records
Data exports are encrypted with a one-time password shared separately via email.
Though PAYOTRIX does not collect financial or biometric data, in case of future compliance integrations (e.g., Aadhaar verification), any biometric or highly sensitive personal information will:
Be encrypted using hardware security modules
Never be stored permanently
Be used solely for session-based verification
Be logged for consent and deleted immediately after validation
This ensures zero long-term retention of biometric identifiers.
To prevent malware infiltration:
All systems use real-time ransomware detection tools
Files are scanned before being uploaded or processed
Suspicious file types are quarantined and blocked
Admin and endpoint devices are sandboxed
Backup systems are isolated from live environments to prevent cascading ransomware attacks.
PAYOTRIX performs checksum verification and file integrity monitoring across:
Application codebases
Database schema and indexes
Web assets and plugin dependencies
Any unauthorized code alteration triggers immediate alerts, and systems can auto-revert to the last known good configurations.
Data Loss Prevention (DLP) mechanisms are deployed to:
Detect unauthorized downloads, copy-paste actions, or large outbound data packets
Log device behavior anomalies
Block access to unsanctioned third-party storage (e.g., Dropbox, Google Drive)
Any violation is flagged, and the associated user account is immediately restricted until cleared by the security team.
All user and admin actions are logged in audit trails, capturing:
Timestamps, user ID, source IP
Activity type and outcome
Related object IDs (e.g., user record, document, setting)
Forensics logs are retained for 7 years and analyzed in case of a breach, fraud, or regulatory investigation.
Employees working remotely must:
Use VPNs and firewall-protected connections
Authenticate with MFA
Use company-authorized encrypted devices
Avoid accessing sensitive environments on mobile phones or public Wi-Fi
Remote access is logged and flagged if it originates from geolocations outside approved regions.
Any embedded third-party services (e.g., analytics, chatbots) on PAYOTRIX undergo:
Source code review
Data collection policy check
Cookie behavior inspection
Periodic penetration testing
Only services with minimal data exposure and proven GDPR/Indian compliance are permitted.
If an employee, vendor, or user detects a data risk, they may report incidents confidentially to:
Email: support@payotrix.com
All reports are logged and reviewed within 48 hours by the Chief Security Officer. Whistleblowers receive protection under PAYOTRIX's internal integrity framework and will not face retaliation.
PAYOTRIX is not designed for children under 18. The platform:
Does not knowingly collect data from minors
Flags KYC attempts with child-based documents
Deletes any such data immediately upon detection
Advises parents or guardians to monitor digital access
If such an account is discovered, it is suspended pending age verification.
All PAYOTRIX staff undergo:
Mandatory quarterly security awareness training
Social engineering and phishing simulation tests
Legal compliance workshops
Device-level hygiene audits
Completion of training is mandatory for retaining access privileges, and non-compliance results in role-level restrictions.
PAYOTRIX reserves the right to revise this Data Security Policy at any time without prior notice. It is the user’s responsibility to review the policy periodically. Continued use of PAYOTRIX implies acceptance of the most recent version.