Overview
ROOPB takes the security of your personal information and payment data seriously. This Information Security Policy describes the technical and organizational measures we use to protect data across our platform, mobile app, and merchant portal.
This policy complements our Privacy Policy, which covers what data we collect and how we use it. This document focuses on how we keep that data safe.
Data Protection
We protect personal data at every stage of its lifecycle:
- In transit: All communication between your device and ROOPB servers is encrypted using TLS 1.2 or higher (HTTPS).
- At rest: Sensitive data such as authentication tokens and credentials are stored using industry-standard encryption.
- In processing: Personal data is accessed only by authorized systems and personnel on a need-to-know basis.
- Minimization: We collect only the data necessary to operate the platform and do not retain it longer than required.

| Data Type | Protection Measure |
|---|---|
| Account credentials | Hashed passwords, secure session tokens |
| Payment transactions | Processed via PayOS — ROOPB does not store card or bank details |
| Location data | Encrypted in transit, used only for delivery routing |
| Order history | Access-controlled, retained per legal requirements |
Payment Security
ROOPB supports Cash on Delivery and PayOS online payments. Payment security works as follows:
- PayOS: Online payments are handled entirely by PayOS, a licensed Vietnamese payment gateway. ROOPB never sees or stores your bank account or card details.
- Payment verification: PayOS transactions are verified via secure webhook callbacks with cryptographic checksums before orders are confirmed.
- Cash on Delivery: No payment data is transmitted online. Payment occurs in person at delivery.
- Fraud prevention: Unusual payment patterns and duplicate transactions are monitored automatically.
Access Control
Access to systems and data within ROOPB is strictly controlled:
- Employee access is granted on a role-based, least-privilege basis.
- Administrative access requires multi-factor authentication.
- Access logs are maintained and reviewed regularly.
- Third-party vendors with data access are bound by data processing agreements.
- Merchant accounts can only access their own store data — not other merchants' information.
Infrastructure Security
Our platform infrastructure is designed with security at its core:
- Servers are hosted in secure data centers with physical access controls.
- Firewalls and network segmentation limit exposure between services.
- Software dependencies are regularly updated to patch known vulnerabilities.
- Automated monitoring detects anomalous activity and potential intrusions.
- Database backups are encrypted and tested for recovery on a regular schedule.
- Server logs are retained for 90 days for security auditing purposes.
Your Role in Security
Security is a shared responsibility. You can help protect your account by:
- Using a strong, unique password for your ROOPB account.
- Not sharing your login credentials with anyone.
- Logging out of shared or public devices after use.
- Keeping the ROOPB app updated to the latest version.
- Verifying order details and payment amounts before confirming.
- Reporting suspicious messages claiming to be from ROOPB.
ROOPB will never ask for your password, OTP, or full payment details via email, SMS, or phone call.
Incident Reporting
If you suspect a security incident involving your ROOPB account or data:
- Change your password immediately if you believe your account has been compromised.
- Report the incident to security@roopb.com with as much detail as possible.
- For suspected vulnerabilities in the ROOPB platform itself, email security@roopb.com — we appreciate responsible disclosure.
We will investigate all reported incidents and notify affected users as required by applicable law if a data breach occurs.
Contact
For security-related questions or concerns:
ROOPB Security Team
Email: security@roopb.com
Address: Ho Chi Minh City, Vietnam
Response time: Within 5 business days