99exch Logo
Login

Compliance & Security Policy

Last Updated: October 18, 2025

1. Purpose

This Policy describes how my99exch.id integrates regulatory compliance with cybersecurity standards to protect user data, preserve system integrity, and maintain transparency across all affiliate operations.

2. Regulatory Framework

We comply with:

  • India’s Information Technology Act (2000) & Digital Personal Data Protection Act (2023)

  • ISO 27001 and NIST SP 800-53 principles

  • Advertising Standards Council of India (ASCI) guidelines

  • FATF recommendations on AML controls through partners

3. Governance Structure

Our Compliance Officer oversees:

  1. Policy formulation and annual review.

  2. Internal risk assessment reports.

  3. Vendor and partner due-diligence checks.

  4. Incident response and user notifications.

Weekly security meetings ensure any identified threats are documented and mitigated immediately.

4. Technical Safeguards

  • Encryption: AES-256 for stored data, TLS 1.3 for transmissions.

  • Firewalls & IDS: Prevent unauthorized access.

  • Two-Factor Authentication: Enforced for administrative logins.

  • Audit Logs: Immutable records kept for five years.

5. Data Governance & Retention

All user information is handled per our Privacy Policy. Retention schedules define specific lifecycles for personal and affiliate data; expired records are securely deleted or anonymized.

6. Vendor and Partner Security

Third-party providers must sign Data Processing Agreements and prove certification (e.g., ISO 27001). Partners without adequate security posture are not approved.

7. Incident Response

  1. Detection → automated alerts 24/7.

  2. Containment → temporary system isolation.

  3. Investigation → root-cause analysis within 48 hours.

  4. Notification → users informed within 72 hours if impacted.

  5. Remediation → patch deployment and post-mortem review.

8. Employee Training

All staff receive annual training on data handling, phishing awareness, and incident reporting. Completion records are maintained for audit.

9. Compliance Audits

Independent audits occur annually. Findings are documented and corrective measures tracked to closure within 60 days.

10. Policy Updates

Reviewed semi-annually and published with a new revision date. Users should check this page for latest information.

Summary: my99exch.id combines legal compliance with robust security to safeguard user trust and operational integrity.

WhatsApp Get ID Now