At the product level, we are working on new features and tools that guarantee our compliance with the GPRD:
Encryption of our database:
We are working on the encryption of our database using a strategy of encryption at rest with AES algorithms. This method removes the risk of information leakage in the event of database theft. This means that all user, partner and client data is properly coded.
Masking of bank cards:
Although we were already doing it, it is important to remember that the cards of those who use our bank reconciliation service are encrypted as shown in this example: 1234 .....123456
Data destruction protocol:
We provide mechanisms that allow clients and partners to delete their personal data, like their name and surname, or email address. Thus:
An individual user can delete his account from the Configuration section of the web application.
An administrator can eliminate a final user’s account from the web application’s administration panel. .
Captio accounts are eliminated according to the data destruction policy implemented: 30 days after the deletion of an account, an automatic process is responsible for deleting all user data, except for when its storage is necessary to comply with other rules.