Security

How we protect your data and ensure secure transactions

Your Security is Our Priority

We employ bank-grade security measures to protect your personal information and payment data. Every transaction is secured with multiple layers of protection.

Security Features

Advanced security technologies that protect every aspect of your experience

256-bit SSL Encryption

All data transmission is protected with bank-grade encryption

PCI DSS Compliance

Certified compliance with payment card industry security standards

Secure Infrastructure

Enterprise-grade servers with 24/7 monitoring and intrusion detection

Zero Data Storage

We never store your payment information on our servers

How We Protect You

Encrypted Transmission

All data between your device and our servers is encrypted using 256-bit SSL, the same technology used by banks and financial institutions.

Secure Payment Processing

Payment information is processed directly by our PCI-compliant payment partners. We never see or store your full credit card details.

Minimal Data Storage

We only store the minimum information necessary to provide our service. Sensitive data is encrypted at rest and regularly purged.

Continuous Monitoring

Our security team monitors all systems 24/7 for suspicious activity, with automated alerts for any potential threats.

Security monitoring

Security Certifications

We maintain the highest industry certifications and compliance standards

PCI DSS Level 1

Highest level of payment card security compliance

SOC 2 Type II

Audited security, availability, and confidentiality controls

ISO 27001

International standard for information security management

GDPR Compliant

European data protection regulation compliance

Security Practices

Comprehensive security measures across all aspects of our operations

Data Protection

  • End-to-end encryption for all sensitive data
  • Regular security audits and penetration testing
  • Automated vulnerability scanning
  • Secure data backup and recovery procedures

Access Control

  • Multi-factor authentication for all staff
  • Role-based access controls
  • Regular access reviews and updates
  • Immediate access revocation for terminated employees

Infrastructure Security

  • 24/7 network monitoring and intrusion detection
  • Distributed denial-of-service (DDoS) protection
  • Regular security patches and updates
  • Geographically distributed backup systems

Compliance & Auditing

  • Annual third-party security audits
  • Continuous compliance monitoring
  • Incident response and reporting procedures
  • Regular staff security training

Incident Response

In the unlikely event of a security incident, we have comprehensive response procedures in place:

  • Immediate containment and assessment of the incident
  • Notification of affected users within 72 hours
  • Coordination with law enforcement and regulatory bodies
  • Full investigation and remediation of vulnerabilities
  • Transparent communication throughout the process

We maintain cyber insurance and work with leading security firms to ensure rapid response and recovery.

Your Role in Security

Best Practices

  • Use strong, unique passwords
  • Keep your devices and browsers updated
  • Only access our site from secure networks
  • Log out when using shared devices

Warning Signs

  • Unexpected emails asking for personal information
  • Suspicious website URLs or certificates
  • Requests for payment outside our platform
  • Unusual account activity or charges

Security Questions or Concerns?

Our security team is available to address any questions or concerns about the safety of your information.

Concerns: admin@refill.my

Contact Security TeamPrivacy Policy