
Security Policy

Last updated: October 2025

1. Introduction

ASYNC INTEGRATIONS d.o.o. prioritizes safeguarding client data and payment details. We implement industry-standard protective measures and adhere to GDPR and other applicable data protection laws.

2. Payment Security

Wise Europe SA handles all card and online payment transactions.

  • Wise is PCI DSS Level 1 certified
  • We do not store, process, or transmit payment card data
  • Payment data is transmitted directly to Wise using encryption
  • Customers receive only payment status confirmation, not card details

3. Data Transmission Security

Protections include HTTPS/TLS encryption for website connections, encrypted channels for sensitive files, secure file transfer protocols, and strong authentication requirements.

Clients are encouraged to use secure communication methods.

4. Access Controls

Access restrictions include authorization limits, the principle of least privilege, activity logging, multi-factor authentication, regular access reviews, and confidentiality agreements with contractors.

5. Infrastructure Security

We maintain secure, regularly updated servers, firewalls, intrusion detection, encryption, regular backups, and disaster recovery plans.

Client projects may be hosted on platforms such as AWS or DigitalOcean that hold ISO 27001 and SOC 2 certifications.

6. Secure Development Practices

Our development process includes code reviews, security testing, dependency updates, vulnerability scanning, OWASP Top 10 protection, secure authentication, input validation, and regular security audits.

7. Monitoring and Incident Response

Monitoring involves system log analysis, automated alerts, regular security assessments, and penetration testing.

Incidents trigger immediate investigation, client notification within 72 hours, impact minimization efforts, and recurrence prevention measures.

8. Employee Security Training

All staff receive training in GDPR compliance, secure coding, phishing recognition, incident reporting, and confidentiality obligations. Team members sign confidentiality agreements.

9. Client Responsibilities

Clients should maintain strong passwords, avoid credential sharing, report suspicious activity, keep systems updated, follow security recommendations, and review project security measures.

10. Regulatory Compliance

We comply with GDPR, the Croatian Data Protection Act, PCI DSS, and Payment Services Directive 2 (PSD2) standards.

11. Third-Party Security

We vet vendors, require data processing agreements, verify compliance certifications, and limit data sharing. Key partners include Wise, hosting providers, and email services.

12. Policy Updates

This Security Policy undergoes regular reviews. Material changes are communicated to active clients.

13. Security Concerns and Reporting

Report security issues to hello@asyncintegrations.hr with the subject line 'SECURITY - [Brief Description]'.

We request responsible disclosure before any public vulnerability disclosure.

ASYNC INTEGRATIONS d.o.o.
  • Jurkovićeva ulica 20
    10000 Zagreb, Croatia
  • Director: Andrija Radica
  • Registry court: Trgovački sud u Zagrebu
  • Founded: 2024 · Capital 5,000 EUR (fully paid)

Registration

  • OIB: 90137473459
  • MB: 05939909
  • VAT ID: HR90137473459

Contact

  • hello@asyncintegrations.hr
  • Hours: Mon–Fri · 8:00 AM–4:00 PM (UTC)

Bank

  • IBAN: HR1823400091111279338
  • SWIFT: PBZGHR2X
  • Privredna banka Zagreb d.d.
© 2026 ASYNC INTEGRATIONS d.o.o. All rights reserved.