• Curlec is compliant with the Personal Data Protection Act (PDPA), full policy found here.

  • Customer bank account details are encrypted when stored in Curlec’s database.

  • Curlec implements two-factor authentication for merchant login to prevent unauthorised access to customer's data.

Card payments:

  • Neither Curlec nor the merchant stores customer card details - they are securely stored in Mastercard Payment Gateway Services (MPGS)

  • Card details are tokenised for recurring collection purposes. 

  • Curlec only accepts payments via Mastercard/Visa cards that are enrolled with 3D Secure - customers will be asked for an OTP before a payment can be processed.