IntechPay is committed to maintaining the highest standards of information security to protect our clients, their customers, and their sensitive data.

Security Overview

This Information Security Policy outlines our comprehensive approach to protecting payment data, personal information, and business assets. Our security framework is designed to prevent unauthorized access, ensure data integrity, and maintain the confidentiality of all information processed through our platform.

Data Protection Measures

Encryption Standards

  • All data transmitted over networks is encrypted using TLS 1.3 or higher
  • Sensitive data at rest is encrypted using AES-256 encryption
  • Payment card data is tokenized and never stored in plain text
  • Encryption keys are managed through hardware security modules (HSMs)

Data Storage and Handling

  • Payment card data is stored in PCI DSS compliant environments
  • Personal information is segregated and access controlled
  • Data backups are encrypted and stored in geographically diverse locations
  • Secure data deletion procedures for end of life data

Access Control and Authentication

We implement strict access controls to ensure that only authorized personnel can access sensitive systems and data:

  • Multi-factor authentication (MFA) required for all system access
  • Role-based access control (RBAC) with principle of least privilege
  • Regular access reviews and immediate revocation upon termination
  • Strong password policies with regular rotation requirements
  • Session timeouts and automatic logout after inactivity
  • Comprehensive audit logging of all access and changes

Monitoring and Threat Detection

Real-Time Monitoring

Continuous monitoring of systems, networks, and applications for suspicious activity and security events.

Fraud Detection

Advanced machine learning algorithms identify fraudulent transactions and suspicious patterns.

Intrusion Detection Systems

Network and host-based intrusion detection to identify and block malicious activity.

Incident Response

Dedicated incident response team with defined procedures for security events.

Vulnerability Management

  • Regular vulnerability scanning and penetration testing
  • Automated security patching for critical systems
  • Third party security audits and assessments
  • Bug bounty program for responsible disclosure
  • Security code reviews for all software releases
  • Dependency scanning for known vulnerabilities

Compliance and Certifications

PCI DSS Level 1

Highest level of payment security

SOC 2 Type II

Independent security audit

ISO 27001

Global InfoSec standard

GDPR Compliant

Data protection compliance

Employee Security Training

  • Mandatory security awareness training for all new hires
  • Annual refresher training on security policies
  • Regular phishing simulation exercises
  • Confidentiality and non-disclosure agreements

Third-Party Security

  • Security assessments for all 3rd party providers
  • Contractual security requirements in vendor agreements
  • Regular reviews of third-party security practices
  • Data processing agreements for sensitive info

Security Incident Reporting

IntechPay Security Team

Email: security@intechpay.io

Phone: +250 738 556 037

We appreciate responsible disclosure and will work with security researchers to address reported vulnerabilities.

Commitment: IntechPay is committed to maintaining the highest standards of information security. This policy is reviewed and updated regularly to address evolving threats and incorporate industry best practices. Last reviewed: February 2026