1. Our Commitment to Security
At Refferrel, the security of your personal information, financial data, and transactions is our highest priority. We employ industry-leading security measures and follow best practices to ensure that your data remains protected at all times. This Security Protocol outlines the measures we take to safeguard your information on our platform.
2. Data Encryption
All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) 1.3, the latest and most secure version of the protocol. This ensures that your personal details, payment information, and browsing activity cannot be read by unauthorised parties, even if the traffic is intercepted.
- In Transit: All API calls, form submissions, and page loads are served over HTTPS with TLS 1.3 encryption.
- At Rest: Sensitive data stored on our servers is encrypted using AES-256, the same standard used by banks and government agencies worldwide.
- Payment Data: We never store your full credit/debit card numbers or UPI PINs. All payment processing is handled by PCI DSS Level 1 certified payment partners.
3. Authentication & Access Control
We implement robust authentication mechanisms to protect your account from unauthorised access:
- OTP Verification: All account registrations and logins require mobile OTP verification to confirm your identity.
- Session Management: Sessions expire automatically after periods of inactivity. Logging in from a new device triggers a security alert sent to your registered mobile number.
- Role-Based Access: Internal access to user data is strictly restricted based on employee roles. Only authorised personnel with a legitimate business need can access sensitive information.
- Multi-Factor Authentication: Administrative and partner portal access requires multi-factor authentication (MFA) for an additional layer of security.
4. Payment Security
Financial transactions on Refferrel are processed through RBI-compliant and PCI DSS certified payment gateways. We support secure payment methods including UPI (Google Pay, PhonePe), net banking, debit/credit cards, and our in-app digital wallet.
- Tokenisation: Card details are tokenised as per RBI guidelines, meaning your actual card numbers are replaced with secure tokens during transactions.
- Fraud Detection: Our systems employ real-time fraud detection algorithms that monitor transactions for suspicious activity, unusual patterns, and potential threats.
- Refund Protection: Token payments for community deals are held in escrow and fully refundable if the deal does not reach the required participant threshold.
5. Infrastructure Security
Our platform infrastructure is hosted on enterprise-grade cloud servers with multiple layers of protection:
- Firewalls & WAF: Web Application Firewalls (WAF) and network firewalls protect against common attack vectors including SQL injection, cross-site scripting (XSS), and DDoS attacks.
- Regular Audits: We conduct periodic security audits and vulnerability assessments through independent third-party security firms.
- Intrusion Detection: 24/7 intrusion detection and prevention systems (IDS/IPS) monitor our infrastructure for potential threats.
- Data Backups: Automated encrypted backups are performed daily and stored in geographically separate locations to ensure business continuity and disaster recovery.
6. Privacy & Data Protection
We comply with applicable Indian data protection laws and regulations, including the Digital Personal Data Protection Act (DPDPA), 2023. Your personal data is collected, processed, and stored in accordance with our Privacy Policy.
- Data Minimisation: We only collect data that is necessary for providing our services. We do not sell your personal information to third parties.
- Consent-Based Processing: Your data is processed based on your explicit consent, and you can withdraw consent at any time through your account settings.
- Right to Erasure: You have the right to request deletion of your personal data from our systems, subject to legal and regulatory retention requirements.
7. Incident Response
In the unlikely event of a security incident, we have a comprehensive incident response plan in place:
- Detection: Our monitoring systems are designed to detect security incidents in real time.
- Containment: Immediate steps are taken to contain and mitigate the impact of any breach.
- Notification: Affected users are notified promptly as required by applicable laws and regulations.
- Remediation: Root cause analysis is performed, and corrective measures are implemented to prevent recurrence.
8. User Responsibilities
While we take extensive measures to protect your data, we also encourage you to follow these best practices:
- Never share your OTP, password, or account credentials with anyone, including Refferrel employees.
- Always verify that you are on the official Refferrel app or website before entering sensitive information.
- Keep your device software and the Refferrel app updated to the latest version.
- Report any suspicious activity or unauthorised access to your account immediately via security@refferal.in or WhatsApp at +91 93562 95153.
9. Updates to This Protocol
We may update this Security Protocol from time to time to reflect improvements in our security practices, changes in technology, or changes in applicable laws. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically.
10. Contact Us
If you have any questions or concerns about our security practices, please contact our security team at security@refferal.in. You can also reach us via WhatsApp at +91 93562 95153.
You may also write to us at: Refferrel Technologies Pvt. Ltd., WeWork BKC, Bandra Kurla Complex, Mumbai, Maharashtra 400051, India.