General:
Curlec is compliant with the Personal Data Protection Act (PDPA), full policy found here.
Customer bank account details are encrypted when stored in Curlec’s database.
Curlec implements two-factor authentication for merchant login to prevent unauthorised access to customer's data.
Card payments:
Neither Curlec nor the merchant stores customer card details - they are securely stored in Mastercard Payment Gateway Services (MPGS).
Card details are tokenised for recurring collection purposes.
Curlec only accepts payments via Mastercard/Visa cards that are enrolled with 3D Secure - customers will be asked for an OTP before a payment can be processed.