EBANX Compliance and Legal Hub

ebanx terms & conditions

Other Documents
EBANX Values
EBANX Privacy Policy
Code of Conduct
Socio-environmental Responsibility Policy
Information Security Policy
Information Security for Third Parties
Responsible Security Vulnerability Disclosure Policy
Gifts, Presents and Hospitality for Third Parties
Sustainability Report 2022
Restricted and Prohibited Products and Services
EBANX Supply and Partnership Standard
Policy Anti-Bribery and Corruption
Anti-Money Laundering And Counter Financing Of Terrorism Policy
Business Continuity Management
Standard for Vendors and Partners
Corporate Governance Policy

Information Security Policy

March 19, 2024

EBANX recognizes its responsibility to protect all data and information processed, regardless of whether it belongs to EBANX, partners, or third parties. By protecting this data and information, we can ensure that we maintain our reputation as a trusted employer and partner, allowing us to grow as a business and provide incredible services to promote the success of any client.

EBANX implements the best information security and privacy control practices the market recommends to demonstrate our commitment to information security and data protection.

Regardless of their level, all professionals must familiarize themselves with and comply with our Information Security and Personal Data Protection Governance Policy and our Information Security and Privacy Management System.

EBANX recognizes its responsibilities and scope have become more complex as the company has grown, aiming at the most demanding Information Security and Privacy standards. This requires EBANX to evolve by ensuring that the entire company is aware, engaged, and organized in maintaining compliance with these standards and the other norms of our Security and Privacy Management System.

As such, our Security and Privacy Management System is structured around the following objectives:

Comply with the requirements of our contracts with our customers and comply with the regulations/legislation applicable to our business.

Establish, maintain, and continuously improve the Information Security management system and privacy of EBANX to mitigate the risks associated with the Confidentiality, Integrity, and Availability of personal information and data.

Ensure that all EBANX employees and any other parties acting on behalf of EBANX are aware of their responsibilities regarding Information Security and privacy.

Senior management and other leaders must ensure that all the resources needed to fulfill the requirements of our IMSMS are available and that its execution is effective and efficient. The C-Level fully supports the Information Security and Privacy policies, standards, procedures, and actions related to the operation, maintenance, and improvement of the controls and processes required by the ISO/IEC and PCI-DSS certifications and needs all our professionals, partners, and Third Parties to do the same.

João Del Valle - CEO


Introduction and Objectives

The Information Security Policy guides the meeting of legal and regulatory requirements and managing Information Security and Privacy risks to maintain the Confidentiality, Integrity, and Availability of information assets and technological resources owned or maintained by EBANX.

The goals of this policy are:

  • Comply with the relevant regulations and legislation, as well as contractual requirements with strategic partners.

  • Ensure that all ebankers and any other parties acting on behalf of EBANX are aware of their responsibilities regarding Information Security and privacy.

  • Define, establish, and maintain adequate security controls to protect information assets under EBANX's control against Confidentiality, Integrity, and Availability breaches.

Information Security principles

To maintain the excellence of EBANX's services, one of our priorities is our commitment to the security of the information under our responsibility. This commitment is embodied in this Policy, which is based on the following principles:

  • Confidentiality: guarantee that only authorized persons or systems have access to certain information.

  • Integrity: guarantee that only authorized persons or systems can modify certain information.

  • Availability: assurance that information is available to authorized persons.

  • Authenticity: guarantee that the information provided originates from the declared source or that the author of the information is in fact the declared author.

  • Non-repudiation: guarantee that the person who signed or created the information will not deny it.

The above principles aim to protect information against various threats, guarantee business continuity, prevent damage, and maximize return on investment and business opportunities.

These principles aim to protect information from various types of threat, to ensure business continuity by preventing damages and maximizing return on investment and business opportunities.

For matters related to Information Security, please contact us at: infosec@ebanx.com