Effective date Jan 02, 2023
This Data Security Policy outlines the measures and processes put in place by Fintek Pty Ltd (Mystro), a Software-as-a-Service (SaaS) provider for the financial service industry, to safeguard the data of our customers and their end-users.
The purpose of this policy is to ensure that data security measures are consistently applied and maintained across our organisation, to protect the confidentiality, integrity, and availability of our customer data, as well as to comply with applicable legal and regulatory requirements.
This policy applies to all employees, contractors, and third-party service providers of Fintek Pty Ltd who have access to customer data, regardless of their location or position.
1. Access Control
Access to customer data is limited to authorised personnel who require such access to perform their duties.
Access to customer data is granted based on the principle of least privilege, whereby users are granted access only to the data they need to perform their duties.
Access to customer data is secured through the use of strong authentication mechanisms, such as geo-fencing, two-factor authentication (2FA) and password policies that comply with industry standards.
2. Hosting
Mystro uses Amazon Web Services (AWS Australia, Sydney data centre) to host the secure infrastructure that stores customer data.
AWS provides a secure and compliant infrastructure that adheres to industry standards and best practices.
AWS maintains various security certifications, including but not limited to ISO 27001, SOC 1/2/3, and PCI DSS.
Mystro works with AWS and third-party consultants to ensure that appropriate security controls are in place to protect customer data, such as access controls, network security, and encryption.
Any security issues or incidents are promptly reported and addressed by both Mystro and AWS.
3. Data Transmission
All customer data transmitted over public networks is encrypted using secure protocols, such as Transport Layer Security (TLS) or Secure Sockets Layer (SSL).
All customer data is encrypted during transfer and at rest.
Any transmission of customer data to third-party service providers is subject to strict security requirements, including the use of secure transmission protocols and data encryption.
4. Data Storage
Mystro stores customer data in Amazon Web Services (AWS) data centres located in Sydney, Australia.
AWS provides a secure and compliant infrastructure that adheres to industry standards and best practices.
Customer data is backed up regularly to ensure data integrity and availability.
Data retention policies are established to ensure that customer data is stored only for as long as necessary to fulfil business and legal requirements. When customer data is no longer needed, it is securely deleted or disposed of in accordance with industry-standard practices.
5. Monitoring and Logging
Fintek maintains a comprehensive monitoring and logging system to detect and respond to security incidents.
Security logs are retained for a minimum of 12 months and are subject to regular review.
All security incidents are reported to the appropriate internal stakeholders and, where necessary, to external parties, such as law enforcement and regulatory authorities.
6. Product development
We do not outsource any of our jobs overseas, and all software development and management is done in Sydney and Melbourne, Australia.
By keeping all development and management activities in-house, we can ensure that we have full control over the security and quality of our services, and that our customers' data is protected at all times.
All our developers and management staff are based in Australia, and we do not employ any third-party vendors to perform development or management activities on our behalf.
We believe that keeping our jobs local is not only good for our customers, but it also helps to support the local economy and fosters innovation and growth within our industry.
7. Personnel Security
All employees and third-party service providers are subject to background checks prior to being granted access to customer data.
All employees and third-party service providers are required to sign a confidentiality agreement that outlines their responsibilities with respect to customer data.
Regular security awareness and training programs are conducted to ensure that personnel are aware of their security responsibilities and are kept up-to-date on the latest threats and best practices.
8. Compliance
Mystro is committed to complying with all applicable legal and regulatory requirements, including data protection laws and regulations.
Mystro undergoes regular security assessments and audits to ensure compliance with industry standards and best practices.
This Data Security Policy outlines the measures and processes put in place by Fintek Pty Ltd to safeguard the data of our customers and their end-users. It is the responsibility of all employees, contractors, and third-party service providers to adhere to these policies and procedures to ensure the security of customer data.
For more information, please contact us at hello@mystro.com.au or 02 5839 39 15 (during business hours).
Fintek Pty Ltd.
Level 9, Tower B, The Zenith, 821 Pacific Hwy, Chatswood NSW 2067