Security Policy

Our Commitment to Security

At NYVA Payments, we take the security of your personal and financial information seriously. We implement industry-standard security measures and work with Whop to protect your data from unauthorized access, disclosure, alteration, or destruction.

Technical Security Measures

Encryption

• Data in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
• Data at Rest: Sensitive data stored in our systems is encrypted using industry-standard encryption algorithms
• Payment Data: Payment card information is tokenized and processed through PCI-DSS compliant systems operated by Whop and its financial partners

Authentication and Access Control

• Multi-Factor Authentication (MFA): We support and encourage the use of MFA to protect your account
• Password Requirements: Strong password policies are enforced, requiring a minimum length and complexity
• Session Management: User sessions expire after periods of inactivity
• Access Controls: Internal access to customer data is restricted to authorized personnel only and logged for audit purposes

Infrastructure Security

• Secure cloud hosting with regular security updates and patches
• Firewalls and intrusion detection/prevention systems
• Regular vulnerability scanning and penetration testing
• Network segmentation to isolate sensitive systems
• DDoS protection and rate limiting

Fraud Prevention

We employ multiple layers of fraud detection and prevention:

• Transaction Monitoring: Real-time monitoring of transactions for suspicious activity
• Behavioral Analytics: Machine learning models to detect unusual patterns
• KYC Verification: Identity verification through Whop’s KYC process to prevent identity fraud
• Velocity Limits: Transaction limits to prevent unauthorized large transfers
• Device Fingerprinting: Tracking devices to identify suspicious login attempts

Data Protection Practices

Data Minimization

We collect only the personal information necessary to provide our Services and comply with legal requirements.

Regular Backups

We perform regular backups of critical data to ensure business continuity and disaster recovery capabilities.

Secure Development

Our development process includes:

• Secure coding practices and code reviews
• Security testing before deploying updates
• Regular security training for developers
• Third-party security assessments

Third-Party Security

We carefully select and vet our service providers, including our payment processor, to ensure they meet our security standards. All third-party providers are required to:

• Maintain appropriate security measures
• Process data only as instructed
• Comply with applicable data protection laws
• Notify us of any security incidents

Your Security Responsibilities

Security is a shared responsibility. To protect your account, you should:

• Use a strong, unique password for your NYVA Payments account
• Enable multi-factor authentication when available
• Keep your device and apps updated with the latest security patches
• Never share your login credentials with anyone
• Be cautious of phishing attempts — we will never ask for your password via email or phone
• Use secure internet connections — avoid public Wi-Fi when accessing your account
• Log out when using shared devices
• Review account activity regularly for unauthorized transactions
• Report suspicious activity immediately to security@nyvapay.com

Security Incident Response

In the event of a security incident:

• We will investigate promptly and take appropriate remediation actions
• We will notify affected users as required by applicable law
• We will cooperate with law enforcement and regulatory authorities
• We will review and update our security measures to prevent similar incidents

Compliance and Certifications

NYVA Payments and Whop comply with:

• Jamaica Data Protection Act 2020
• PCI-DSS (Payment Card Industry Data Security Standard) through our payment processors
• GDPR (for European users)
• SOC 2 Type II standards (through our infrastructure providers)

Reporting Security Vulnerabilities

We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to us:

Security Team
Email: security@nyvapay.com
Please include:

• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact
• Any proof-of-concept code (if applicable)

We ask that you:

• Do not access or modify other users’ data
• Do not disrupt our services
• Give us reasonable time to address the issue before public disclosure

Updates to This Policy

We may update this Security Policy to reflect changes in our practices or security landscape. We will post updates on this page with a revised effective date.

Contact Us

For security-related questions or to report an incident, please contact:

Security Team
NYVA Payments
Email: security@nyvapay.com
Website: nyvapay.com