🔐 Security

Information Security Policy

How ROOPB protects your personal information, secures transactions, and maintains the integrity of our platform.

Last updated: June 20, 2026
Policy

Overview

ROOPB takes the security of your personal information and payment data seriously. This Information Security Policy describes the technical and organizational measures we use to protect data across our platform, mobile app, and merchant portal.

This policy complements our Privacy Policy, which covers what data we collect and how we use it. This document focuses on how we keep that data safe.

Section 01

Data Protection

We protect personal data at every stage of its lifecycle:

  • In transit: All communication between your device and ROOPB servers is encrypted using TLS 1.2 or higher (HTTPS).
  • At rest: Sensitive data such as authentication tokens and credentials are stored using industry-standard encryption.
  • In processing: Personal data is accessed only by authorized systems and personnel on a need-to-know basis.
  • Minimization: We collect only the data necessary to operate the platform and do not retain it longer than required.
Data Type Protection Measure
Account credentials Hashed passwords, secure session tokens
Payment transactions Processed via PayOS — ROOPB does not store card or bank details
Location data Encrypted in transit, used only for delivery routing
Order history Access-controlled, retained per legal requirements
Section 02

Payment Security

ROOPB supports Cash on Delivery and PayOS online payments. Payment security works as follows:

  • PayOS: Online payments are handled entirely by PayOS, a licensed Vietnamese payment gateway. ROOPB never sees or stores your bank account or card details.
  • Payment verification: PayOS transactions are verified via secure webhook callbacks with cryptographic checksums before orders are confirmed.
  • Cash on Delivery: No payment data is transmitted online. Payment occurs in person at delivery.
  • Fraud prevention: Unusual payment patterns and duplicate transactions are monitored automatically.
Section 03

Access Control

Access to systems and data within ROOPB is strictly controlled:

  • Employee access is granted on a role-based, least-privilege basis.
  • Administrative access requires multi-factor authentication.
  • Access logs are maintained and reviewed regularly.
  • Third-party vendors with data access are bound by data processing agreements.
  • Merchant accounts can only access their own store data — not other merchants' information.
Section 04

Infrastructure Security

Our platform infrastructure is designed with security at its core:

  • Servers are hosted in secure data centers with physical access controls.
  • Firewalls and network segmentation limit exposure between services.
  • Software dependencies are regularly updated to patch known vulnerabilities.
  • Automated monitoring detects anomalous activity and potential intrusions.
  • Database backups are encrypted and tested for recovery on a regular schedule.
  • Server logs are retained for 90 days for security auditing purposes.
Section 05

Your Role in Security

Security is a shared responsibility. You can help protect your account by:

  • Using a strong, unique password for your ROOPB account.
  • Not sharing your login credentials with anyone.
  • Logging out of shared or public devices after use.
  • Keeping the ROOPB app updated to the latest version.
  • Verifying order details and payment amounts before confirming.
  • Reporting suspicious messages claiming to be from ROOPB.

ROOPB will never ask for your password, OTP, or full payment details via email, SMS, or phone call.

Section 06

Incident Reporting

If you suspect a security incident involving your ROOPB account or data:

  • Change your password immediately if you believe your account has been compromised.
  • Report the incident to security@roopb.com with as much detail as possible.
  • For suspected vulnerabilities in the ROOPB platform itself, email security@roopb.com — we appreciate responsible disclosure.

We will investigate all reported incidents and notify affected users as required by applicable law if a data breach occurs.

Section 07

Contact

For security-related questions or concerns:

ROOPB Security Team
Email: security@roopb.com
Address: Ho Chi Minh City, Vietnam
Response time: Within 5 business days