Home CTrust CCompliance
Robust Compliance
Policies
Ensuring compliance and audits is our unwavering priority. Our products consistently undergo independent assessments for security, privacy, and compliance controls. We obtain certifications, attestations, and clear audit reports as proof of our compliance commitment
Compliance Certifications
Representing our official endorsements, confirming our adherence to specific standards, laws, and regulations, demonstrating our commitment to meeting requirements and enhancing credibility.
Digital Payment Security Controls (DPSC)
2 mins read
The Master Direction that establishes security controls for digital payments was released on 18th February 2021 by RBI. It covers areas such as Governance and Management of Security Risks, Generic Security Controls, Application Security Life Cycle (ASLC), Authentication Framework, Fraud Risk Management, Reconciliation Mechanism, Customer Protection, Awareness, Grievance Redressal Mechanism, and specific controls related to Internet Banking, Mobile Payments Application Security Controls and Card Payments Security.
View our Certificate
m Certificate
Last audited on 21stAugust, 2024
GDPR Compliance
3277 words · 16 mins read
We are committed to our customers' success and the protection of their data by ensuring that we comply with the General Data Protection Regulation (GDPR) and all privacy-related regulations. We have all the necessary documents and GDPR appropriate technical and organizational measures in place to ensure a high level of personal data protection.
Our Data Processing Addendum (DPA) meets GDPR requirements and reflects our data privacy and security commitments.
Examine the Letter
m Compliance Letter
Last audited on 20th June 2024
ISO 27001:2022 Certified
3 mins read
We are an ISO 27001:2022 certified company and have implemented the required Information Systems Management System policies and procedures to maintain industry standard best practices and applicable controls. ISO/IEC 27001:2022 is a security management standard that specifies best practices in security management and comprehensive security controls following the ISO/IEC 27002 guidance.
View our Certificate
m Certificate
Last audited on 17th June, 2024
ISO 27701:2019 Certified
3 mins read
We are an ISO 27701:2019 certified company and have implemented the required Information Systems Management System policies and procedures to maintain industry standard best practices and applicable controls. ISO 27701:2019 is an international standard that provides guidelines for establishing, implementing, maintaining, and continually improving the Privacy Information Management System (PIMS).
View our Certificate
m Certificate
Last audited on 24th August, 2024
PCI DSS 4.0 Compliance
1 min read
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council.
We are thrilled to announce that we have successfully achieved PCI DSS v4.0 compliance, becoming India's 1st Fintech to achieve this certification.This attests to us having implemented industry-standard security controls governed by the PCI council that helps us protect customer's card data in a highly secure manner.
View our Certificate
m Certificate
Last audited on 22nd December, 2023
SOC 2 Type II Compliance
3 mins read
SOC 2 reports are based on the existing Trust Services Criteria (TSC) from the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). The purpose of the report is to evaluate an organization's information systems relevant to security, availability, processing integrity, confidentiality, and privacy.
We're pleased to announce our successful completion of the System and Organizational Controls (SOC) 2 Type II audit for the second consecutive year in consultation with a professional and independent third-party audit firm.
View our Certificate
m Certificate
Last audited on 20th August, 2024
System Audit Report for Data Localization (SAR)
3 mins read
The Reserve Bank of India issued a directive vide circular DPSS.CO.OD.No 2785/06.08.005/2017-18 dated April 06th , 2018 on 'Storage of Payment System Data' advising all system providers to ensure that the entire data relating to payment systems operated by them is stored in a system only in India. To meet this compliance, all payment system providers must undergo an audit conducted by a CERT-IN empanelled auditor.
We have successfully completed "Data Localization" requirements as per Reserve Bank of India (RBI) guidelines. This means all our customer data securely resides only in India (CtrlS Noida Region).
View our Certificate
m Certificate
Last audited on 23rd February, 2024
Vulnerability Assessment and Penetration Testing
3 mins read
We have an inhouse network security team which uses industry leading products to conduct manual and automated VAPT activities & we also leverage CERT-IN certified auditors to do periodic external security testing and audits.
Study the Reports
m iOS Report
m Android Report
m Web Report
Last audited on 04th July, 2024
Secure Code Review - CISA SDK
2 mins read
The CISA SDK establishes a secure communication framework between the client and server, ensuring confidentiality, integrity, singularity, and authenticity. To validate the security and compliance of the SDK, a thorough Secure Code Review was undertaken by an external party. This comprehensive review aimed to identify and eliminate potential vulnerabilities, further enhancing the robustness and reliability of the SDK.
Last audited on 12th June, 2024
SEBI Registered Research Analyst
2 mins read
We are thrilled to annouance that we have succesfully acheieved the SEBI-registered Research Analyst (RA) operating under registration number INH000014252. We can now deliver meticulously crafted research reports adhering to the standards set by the Securities and Exchange Board of India (SEBI), ensuring that our clients receive accurate and legally sound insights for their investment decisions.
View our Certificate
m Certificate
Registered on 1st January, 2024
Credit Information Companies (Regulation) Act, 2005 (CICRA)
2 mins read
We are fully compliant with the Credit Information Companies (Regulation) Act, 2005 (CICRA). Our commitment extends to maintaining a resilient and highly secure Information Technology (IT) infrastructure designed to safeguard and preserve credit-related data, in strict accordance with the provisions of CICRA and the associated rules and regulations. Our IT systems have been carefully examined, reviewed, and authorized by a CISA auditor.
View our Certificate
m Certificate
Last audited on 26th September, 2023
Cookies Policy
687 words · 4 mins read
Cookies are text files containing small amounts of information which are downloaded to your computer or mobile device when you visit a site and allow a site to recognize your device. Read More
Last reviewed on 12th June, 2024
Privacy Policy
3469 words · 17 mins read
We do not sell your personal information to or share it with unaffiliated third parties for their own advertising or marketing purposes without your explicit consent. Read More
Last reviewed on 12th June, 2024
Terms & Conditions
11503 words · 57 mins read
We are creating a system that strives to reward high trust and creditworthy individuals of India, inspiring others to be like them. Read More
Last reviewed on 12th June, 2024
Offered in
English | हिन्दी | বাংলা | ગુજરાતી | ಕನ್ನಡ | മലയാളം | e
Follow us on
Security Partner
GDPR certificate ISO certificate PCI DSS certificate SOC 2 certificate cicra certificate
Useful Links
Trust | Security | Terms & Conditions | Privacy Policy | FAQ
We would love to meet you
1205, Welldone Techpark, Sohna Road, Sector 48, Gurugram, Haryana - 122018
Show Directions
© 2024 OneBanc Technologies Pvt. Ltd.