Security

Security
We are very serious about Privacy and Security to Protect your Business and your Customers
Protecting your customers and their data is essential to earn their trust and build loyalty.

While privacy, security and data governance have become increasingly complex and important, Extra360 wallet and loyalty solutions are enterprise-ready, which means we make privacy, security, and compliance top priority.
We are committed to protecting critical data and the interests of our customers.

ISO certifications are part of Extra360's wider strategy to secure our customers' data and minimise business risks. We regularly receive independent audits and reviews to maintain these certifications.

Data security, stable operations and compliance are our highest priorities as we develop our solutions.

Extra360 holds ISO 9001 and ISO 27001 certificates

Satisfying the highest safety requirements

We implement strict policies and procedures to ensure your business and customers are protected at all times.

  • - Network and Encryption security
  • - 24/7 assistance for critical issues
  • - GDPR compliance
  • - Regular external safety controls
  • - Strict privacy policies
Security built into every rollout

Secure yourself from internal and external scams and fraud. Track every engagement with your system.

  • - Unique identifiers on every API call and response
  • - Detailed permissions and user management
  • - SAML 2.0 Single Sign-On support
  • - API tester and logs
  • - Global and per profile limits
Security is in everything we build
Extra360's policy is designed according to ISO 27001 standards, which establishes the model for the creation, establishment, implementation, operation, monitoring, review, maintenance, and improvement of an information security management system.
Extra360 has built both its technology and company culture around the principle of keeping customer information safe and sound at all times. We well understand that “Data security is the pillar of any wallet and loyalty program". This includes the following:
Risk Management
Security Policy
Information Systems Acquisition, Development, and Maintenance
Organisation of Information Security
3rd Party Relationships
Information Security Incident Management
Best security measures in the industry
Extra360 offers the best security measures in the industry, both in terms of technology and policy, to protect our customers' data and ensure data safety
Dedicated Chief Information Security Officer (CISO)
Extra360's CISO is responsible for the security of the organisation's processing of personal data of its staff, customers, providers or other individuals in line with applicable data protection rules.
Dedicated Quality Assurance Team
Extra360 has a team dedicated to testing all updates to its software so that the end products are released without any vulnerabilities.
Independent Data Protection Officer (DPO)
Extra360’s independent DPO audits and ensures that the organisation processes the personal data of its staff, customers, providers or any other individuals in compliance with the applicable data protection rules.
GDPR compliance
Extra360's software and conduct is in full compliant with the GDPR and guarantees that customers are able to retain their right to control their data.
Data Leakage Precautions
To minimise the risk of accidental data leakage, we implement detailed data controls so that only necessary information is transmitted via APIs.
API Integrity
All APIs that transmit personal data are protected as they are sent over encrypted channels and API signatures to ensure that the information has not been altered.
Data encryption in transit and at a rest
To ensure the security of data in transit, each API endpoint uses an encrypted connection. Data at rest is also encrypted on MS Azure.
Disaster recovery and business continuity
Extra360's "Disaster Recovery Plan" outlines a playbook for every potential contingency, emergency or disaster scenario.
Customer Data Privacy
Extra360's in-house data security statement sets strict rules for each employee on how to manage customer data and a built-in chain of authority within the organisation.
Penetration tests
Our technology is subjected to an external penetration test bi-annually to ensure that our platform provides flawless protection and that no critical vulnerabilities are found.
Availability
We offer our customers the highest level of availability with three types of Service Level arrangements to choose from.
Global Data Security
Data privacy has evolved into a whole new world over the past few years.
Your customers are depending on you to play by the new rules-or they’ll find a brand that does. But keeping track of them all can be overwhelming.
Don’t keep data you don’t intend to use
01
Don’t transfer personally identifiable information (Pll) data to any vendor
02
Track customer through a unique identifier vs. their full name, email address or any other PII
03
Responsible Disclosure
It is Extra360's core belief to be proactive to evolving security issues. We are committed to protecting critical data and the interests of our customers. Extra360 has taken all the necessary steps to become ISO 9001 and ISO 27001 certified.
New issues and attack vectors emerge every day, and Extra360 strives to stay up-to-date with the latest security developments by collaborating with security researchers, technology community, and our customers. We acknowledge the community's efforts to build a securer ecosystem for everyone.
General Data Protection Regulation (GDPR)
The European Union’s General Data Protection Regulation (GDPR) went into effect May 2018 and has become the yardstick for basic data protection guidelines and rules.

The impact of GDPR was felt globally, as it influences processes for companies operating within European borders as well as those that operate overseas but deal with the data of European citizens.

GDPR enables a standard framework to protect personal data as well as ensure the free movement of data. According to this Act, companies must adhere to a standard set of regulations for data storage, usage, and transfer.

This act also requires companies to periodically delete unnecessary consumer data, especially when requested directly by the customer. GDPR fines and penalties are quite high.
Learn more about
The Extra Platform
Book a demo with us and learn how major brands use Extra360 to make a difference, in-store and online!
Book a Demo