Security Policy
Last updated: October 2025
1. Introduction
ASYNC INTEGRATIONS d.o.o. prioritizes safeguarding client data and payment details. We implement industry-standard protective measures and adhere to GDPR and other applicable data protection laws.
2. Payment Security
Wise Europe SA handles all card and online payment transactions.
- Wise is PCI DSS Level 1 certified
- We do not store, process, or transmit payment card data
- Payment data is transmitted directly to Wise using encryption
- Customers receive only payment status confirmation, not card details
3. Data Transmission Security
Protections include HTTPS/TLS encryption for website connections, encrypted channels for sensitive files, secure file transfer protocols, and strong authentication requirements.
Clients are encouraged to use secure communication methods.
4. Access Controls
Access restrictions include authorization limits, the principle of least privilege, activity logging, multi-factor authentication, regular access reviews, and confidentiality agreements with contractors.
5. Infrastructure Security
We maintain secure, regularly updated servers, firewalls, intrusion detection, encryption, regular backups, and disaster recovery plans.
Client projects may be hosted on platforms such as AWS or DigitalOcean that hold ISO 27001 and SOC 2 certifications.
6. Secure Development Practices
Our development process includes code reviews, security testing, dependency updates, vulnerability scanning, protection against the OWASP Top 10 risks, secure authentication, input validation, and regular security audits.
7. Monitoring and Incident Response
Monitoring involves system log analysis, automated alerts, regular security assessments, and penetration testing.
Incidents trigger immediate investigation, client notification within 72 hours, impact minimization efforts, and recurrence prevention measures.
8. Employee Security Training
All staff receive training in GDPR compliance, secure coding, phishing recognition, incident reporting, and confidentiality obligations. Team members sign confidentiality agreements.
9. Client Responsibilities
Clients should maintain strong passwords, avoid credential sharing, report suspicious activity, keep systems updated, follow security recommendations, and review project security measures.
10. Regulatory Compliance
We comply with GDPR, the Croatian Data Protection Act, PCI DSS, and Payment Services Directive 2 (PSD2) standards.
11. Third-Party Security
We vet vendors, require data processing agreements, verify compliance certifications, and limit data sharing. Key partners include Wise, hosting providers, and email services.
12. Policy Updates
This Security Policy undergoes regular reviews. Material changes are communicated to active clients.
13. Security Concerns and Reporting
Report security issues to hello@asyncintegrations.hr with the subject line 'SECURITY - [Brief Description]'.
We ask that vulnerabilities be reported to us privately and given time to be fixed before any public disclosure.