Ethoca.io

Ethoca Policies

Explore our corporate policies, data usage disclosures, and compliance standards for payment security and data protection.

Corporate Policies

Data Handling Policy

Transparent guidelines for how we process transaction data, fraud detection metrics, and customer information.


Security & Compliance

ISO 27001, PCI DSS, and GDPR-compliant operations for all data processing systems.


Partnership Agreements

Terms for service providers, white-label implementations, and partner data sharing.


Employee Code of Conduct

Ethics guidelines, anti-bribery policies, and whistleblower protections.


Data Usage Policy

How We Handle Your Data

We process transaction metadata for fraud detection at the request of our clients. All processing takes place in secure, encrypted sandboxes, and data is automatically deleted after 90 days unless it is required for investigations.

  • Client data is never shared with third parties without explicit customer consent
  • Anonymized fraud patterns are shared with law enforcement agencies in encrypted aggregate formats
  • Data retention policies comply with GDPR and PCI DSS standards

Security Standards

Authentication

All systems require multifactor authentication for API access. Regular security audits are performed by third-party penetration testing firms.

  • OAuth 2.0 with hardware tokens
  • Quarterly penetration tests
  • TLS 1.3 encryption end-to-end

Incident Response

Breach notification occurs within 72 hours via our automated compliance alerting system. Response times have historically averaged under 15 minutes for critical issues.

  • 24/7 Security Operations Center
  • ISO 27001 Compliance
  • Penetration Testing

Need Clarifications?

For any policy inquiries or additional documentation, please contact our governance team.