
Data Privacy Security

Data Security, Compliance, Governance, and Data Privacy

Customer data is our topmost priority

Personal data security matters more than ever. Through our enterprise clients, Capillary reaches more than 875 million end customers, and data security is our top priority. Our data security team keeps the platform aligned with current security standards and safeguards personal data.

Aligned with the Latest Security Standards

Data privacy and security are of paramount importance for any loyalty program. Capillary’s platform is kept up to date with the latest security standards.

ISO 27001 Compliant

Capillary’s Information Security Management System (ISMS) is based on ISO 27001:2013.

Certified with Payment Card Industry Data Security Standards

Capillary is also PCI DSS 3.2.1 compliant and certified, with a regular cadence of risk assessments, internal audits and external audits, and metrics-based governance for data security.

WHY DATA SECURITY

Capillary’s Privacy Management System (PMS)

Compliant with global privacy regulations: GDPR, CCPA, PDPA

Capillary’s Privacy Management System (PMS), staffed by experienced privacy analysts, tracks privacy regulations worldwide and works closely with Capillary’s loyalty product managers so that consumer privacy journeys align with those regulations. Capillary is compliant with global privacy regulations, including:

  • European Union (EU) General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Singapore Personal Data Protection Act (PDPA)

HOW IS IT DONE?

The PMS (Privacy Management System) Process

On par with global leading practices

The Capillary PMS derives many of its privacy control designs from industry standard bodies such as the UK Information Commissioner’s Office (ICO) and the Direct Marketing Association (DMA).

Support individual privacy rights and data minimization

Personal data fields required for loyalty configurations are standardized, and any exceptions require approval by the Data Protection Office (DPO).

Standardized purpose and duration of processing

Commitments made to customers are flowed down to vendors in contracts (the onward-transfer principle), together with regular Privacy Impact Assessments (PIAs).

DATA PROTECTION PRACTICES

Global data protection guideline process

Data security is a top priority

All data provided by customers is protected as “Confidential Information” by default and guidelines are devised accordingly.

Secured access management

Access is managed on the principles of minimum need-to-do/need-to-know and Segregation of Duties (SoD).

2FA-based login

Two-factor authentication (2FA) for login, combined with role-based access control (RBAC).

Advanced standards for data protection

Data at rest is protected with AES-256. Data in transit is protected with HTTPS (TLS 1.2).

Reducing the risk of data breach

Customer data is isolated through unique IDs at the API layer, so each request can access only the data belonging to the respective customer.

Regular recovery plan testing

Highly available systems and near real-time data replication across geographically dispersed data centers provide a Recovery Time Objective (RTO) of 4 hours and a Recovery Point Objective (RPO) of 30 minutes.

DATA PROTECTION STRATEGIES

Best-in-class coding practices for application security

Endpoint security and incident management 

Prevent DDoS attacks

Anti-DDoS protection, firewalls and web application firewalls (WAF) provide a solid safeguard for data protection.

Centralized access control

VPN, SSH-based login and centralized access control for production engineers.

Anti-virus practices

Anti-virus protection and patch management for endpoints, along with prevention of malicious code.

Constant log monitoring

Automated log monitoring and alerting using a context-based Security Information and Event Management (SIEM) system.
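What "context-based" alerting means in practice is that a rule keeps state across events instead of firing on a single line. The script below is an added example, not Capillary’s code or SIEM content: it correlates a burst of failed logins from one source IP with a later successful login from the same IP, the pattern that turns password-spraying noise into a credible account-takeover signal. The log format and every sample line are constructed for illustration.

```python
"""Context-based alerting over authentication logs.

Added example (not Capillary's code or SIEM content). The log format and the
sample lines are constructed for illustration.

Alerting on every failed login is noise; the rule below keeps per-source state
and fires only when a burst of failures from one IP is followed by a successful
login from the same IP inside the window, a credible account-takeover signal.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5                 # failures from one IP within WINDOW
WINDOW = timedelta(minutes=10)

# Constructed sample lines: "<ISO-8601 UTC timestamp> <event> ip=<source> user=<account>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z LOGIN_FAIL ip=203.0.113.7 user=alice
2024-05-01T10:00:04Z LOGIN_FAIL ip=203.0.113.7 user=bob
2024-05-01T10:00:09Z LOGIN_FAIL ip=203.0.113.7 user=carol
2024-05-01T10:00:15Z LOGIN_OK ip=198.51.100.2 user=dave
2024-05-01T10:00:20Z LOGIN_FAIL ip=203.0.113.7 user=dave
2024-05-01T10:00:27Z LOGIN_FAIL ip=203.0.113.7 user=erin
2024-05-01T10:00:33Z LOGIN_OK ip=203.0.113.7 user=erin
2024-05-01T10:30:00Z LOGIN_FAIL ip=192.0.2.9 user=frank
2024-05-01T10:31:00Z LOGIN_OK ip=192.0.2.9 user=frank
"""


def parse_line(line):
    """Split one log line into (timestamp, event, ip, user)."""
    ts, event, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), event, fields["ip"], fields["user"]


def detect_burst_then_success(log_text, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Return one alert per IP whose successful login follows >= threshold failures
    within `window`. The alert also reports how many distinct accounts were tried,
    which separates password spraying from a single user mistyping."""
    failures = defaultdict(deque)      # ip -> deque of (timestamp, user) for recent failures
    alerts = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, event, ip, user = parse_line(raw)
        recent = failures[ip]
        while recent and ts - recent[0][0] > window:   # drop failures outside the window
            recent.popleft()
        if event == "LOGIN_FAIL":
            recent.append((ts, user))
        elif event == "LOGIN_OK" and len(recent) >= threshold:
            alerts.append({
                "ip": ip,
                "user": user,
                "failures": len(recent),
                "distinct_users": len({u for _, u in recent}),
                "at": ts.isoformat(),
            })
            recent.clear()    # one alert per burst, not one per later success
    return alerts


if __name__ == "__main__":
    for alert in detect_burst_then_success(SAMPLE_LOG):
        print(alert)
```

On the constructed sample, only 203.0.113.7 trips the rule (five failures across five accounts, then a success as erin); the single failure from 192.0.2.9 followed by a success is ordinary user behaviour and stays silent. The same shape of rule, with the event names swapped, covers API-key authentication failures.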

Coding best practices

Pre-release internal security testing for every release, based on the OWASP Top 10 and the CWE/SANS Top 25, along with annual external (third-party) security testing.

Authenticating API calls

Production environment segregated from non-production environments, with authenticated API calls and API rate limiting.
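The two API-layer controls this page names, customer data isolation through unique IDs (under Data Protection Practices above) and authenticated, rate-limited API calls, fit in one small handler. The code below is an added example, not Capillary’s own code or API: the ApiLayer class, the X-API-Key header, the tenant and customer records, and the limits are all assumptions constructed for illustration. The security-relevant point is that the tenant is derived from the credential and becomes part of every data key, so a request cannot even express a cross-tenant lookup.

```python
"""API-layer tenant isolation, authentication and rate limiting.

Added example (not Capillary's code). Keys, records, header name and limits
are constructed for illustration.
"""
import hashlib


def key_digest(api_key):
    """Store and look up only a SHA-256 digest of each API key, never the key itself."""
    return hashlib.sha256(api_key.encode()).hexdigest()


# Constructed credentials: digest -> tenant (brand) the key belongs to.
API_KEYS = {
    key_digest("brandA-secret"): "brandA",
    key_digest("brandB-secret"): "brandB",
}

# Constructed records keyed by (tenant, customer_id). Making the tenant part of
# the key is what makes a cross-tenant read impossible to express as a query.
CUSTOMERS = {
    ("brandA", "c-1001"): {"name": "Alice", "points": 120},
    ("brandB", "c-1001"): {"name": "Bob", "points": 45},    # same id, other tenant
    ("brandB", "c-2002"): {"name": "Chen", "points": 300},
}


class TokenBucket:
    """Per-tenant token bucket: `capacity` is the burst, `refill_per_sec` the sustained rate."""

    def __init__(self, capacity, refill_per_sec, now):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.last = now

    def allow(self, now):
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def authenticate(api_key):
    """Return the tenant for a valid key, else None. The table holds digests only,
    so a leaked table yields no usable credentials."""
    if not api_key:
        return None
    return API_KEYS.get(key_digest(api_key))


def get_customer(tenant, customer_id):
    """Every data access is scoped by the server-derived tenant."""
    return CUSTOMERS.get((tenant, customer_id))


class ApiLayer:
    def __init__(self, capacity=3, refill_per_sec=0.0):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets = {}   # tenant -> TokenBucket

    def handle(self, request, now):
        """Return (status, body) for a request dict {"headers": {...}, "customer_id": ...}.
        `now` is a timestamp in seconds, passed in so the limiter is deterministic."""
        tenant = authenticate(request.get("headers", {}).get("X-API-Key"))
        if tenant is None:
            return 401, {"error": "unauthenticated"}
        bucket = self.buckets.get(tenant)
        if bucket is None:
            bucket = self.buckets[tenant] = TokenBucket(self.capacity, self.refill_per_sec, now)
        if not bucket.allow(now):          # limit before doing any work on the request
            return 429, {"error": "rate limited"}
        # Any "tenant" field the client sends is ignored on purpose: honouring it
        # would be a cross-tenant IDOR. The tenant comes only from the credential.
        record = get_customer(tenant, request.get("customer_id", ""))
        if record is None:
            return 404, {"error": "not found"}
        return 200, record


if __name__ == "__main__":
    api = ApiLayer(capacity=2, refill_per_sec=1.0)
    req = {"headers": {"X-API-Key": "brandA-secret"}, "customer_id": "c-1001"}
    print(api.handle(req, 0.0))     # brandA's own record
    cross = {"headers": {"X-API-Key": "brandA-secret"}, "customer_id": "c-2002", "tenant": "brandB"}
    print(api.handle(cross, 0.0))   # 404: brandB's record is invisible to brandA
    print(api.handle(req, 0.0))     # 429: burst of 2 exhausted
```

Note that the 404 for the cross-tenant request is deliberate: answering 403 would confirm that the identifier exists under another brand. Rate limiting is checked before the data lookup so an unauthenticated or throttled caller never costs a database read.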

DATA PROTECTION PRACTICES

Empowering the end customer

Data in the customer’s control

Brands control how customers subscribe to and unsubscribe from promotional messages.

Data deletion

Brands can designate which data fields are Personally Identifiable Information (PII) and give customers a way to delete their data.

Consent management

End customers can easily opt-in or out of brand communications via multiple channels.

Data encryption

End customer data is encrypted at rest and stored only with the user’s consent.

Transparent privacy policies

Open privacy policies ensure users are aware at all times of how their data will be used.

Minimizing data collection

Data minimization policies ensure that only necessary data is collected, reducing liability without impacting customer experience.
