Data Protection Standards

  1. Military-Grade Encryption
    All sensitive data (personal & financial) is protected via TLS 1.3+ encryption during transmission and AES-256 encryption at rest.

  2. Enterprise-Grade Storage
    Customer data resides on ISO 27001-certified servers with multi-layered defenses (firewalls/IDS/IPS).

  3. Strict Access Governance
    Data access follows role-based (RBAC) and need-to-know principles, audited quarterly.


Account Security Protocols

Requirement       | Enforcement Mechanism
Password Strength | Minimum 12-character with upper/lower/symbol/number combinations
Password Rotation | Mandatory update every 90 days with complexity validation
Login Security    | Temporary lockout after 3 failed attempts + suspicious activity alerts

Payment Security Assurance

  • PCI-DSS Compliant Processing
    Transactions handled through certified gateways (Stripe, 2C2P, PayPal).

  • Multi-Factor Authentication
    OTP/SMS verification required for all payment authorizations.


Privacy Commitment

✅ Data Minimization Principle
Collection limited to legitimate business purposes explicitly stated in our Privacy Policy.
✅ Zero-Sharing Mandate
No sale/sharing of personal data with third parties without explicit consent, except as required by Thai law (PDPA B.E. 2562).
✅ GDPR/CCPA Alignment
International privacy standards implemented where applicable.


Proactive Security Maintenance

▶ Continuous Threat Monitoring
Real-time tracking of emerging threats via SIEM systems.
▶ Bi-Annual Penetration Testing
Independent audits by CREST-certified security firms.
▶ Security Patch Management
Critical updates applied within 24 hours of vendor release.


Incident Reporting

Suspected security incidents or vulnerability disclosures:
🔒 Dedicated Security Team: security@asiali.co.th (Response within 12 hrs)
☎️ Emergency Hotline: +66 63 516 6898 (Thai/English)

Last Updated: 30 May 2025