Data Security Statement
Overview of KAIGA's data security measures, including encryption, access control, and incident response practices.
Our Commitment
At KAIGA, we are committed to protecting the security and confidentiality of your data. We implement and maintain security measures appropriate to the nature of the data we hold and the risks involved, in accordance with the Protection Obligation under Singapore's Personal Data Protection Act 2012 (PDPA).
Security Measures
1. Encryption
- Data in Transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security).
- Data at Rest: Stored data, including database backups, is encrypted using industry-standard encryption.
2. Access Control
- Access to personal data is restricted to authorised personnel on a need-to-know basis.
- We use role-based access controls to limit what data each team member can access.
- Authentication is secured through strong password requirements and session management.
3. Secure Infrastructure
- Our platform is hosted on reputable cloud infrastructure providers that maintain industry-standard security certifications.
- We rely on our cloud providers' physical security measures, including access controls and environmental protections at their data centres.
- We apply security patches and updates to our systems promptly.
4. Application Security
- We use httpOnly cookies and CSRF protection to guard against common web attacks.
- User passwords are hashed using secure, one-way hashing algorithms — we never store passwords in plain text.
- Payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. We do not store full credit card details on our servers.
5. Data Backup
- We perform regular data backups to protect against data loss.
- Backups are stored securely and encrypted.
6. Third-Party Security
- We select third-party service providers that demonstrate appropriate security practices.
- Our key service providers (Stripe, cloud hosting, email delivery) maintain their own security certifications and compliance programmes.
7. Incident Response
- We maintain procedures for detecting, assessing, and responding to security incidents.
- In the event of a data breach, we will notify the Personal Data Protection Commission (PDPC) and affected individuals in accordance with the PDPA's data breach notification requirements.
Your Role
While we implement these security measures, the security of your account also depends on you:
- Keep your login credentials confidential.
- Use strong, unique passwords.
- Log out of your account when using shared devices.
- Report any suspicious activity to support@kaiga.org immediately.
- Be cautious of phishing emails — KAIGA will never ask for your password via email.
Continuous Improvement
We periodically review our security practices and update them as needed to address new and evolving threats. Our security measures evolve with our platform and the threat landscape.
Contact Us
If you have any questions or concerns about our data security practices, or if you wish to report a security vulnerability, please contact us:
Email: support@kaiga.org
Subject: Security Inquiry
Last Updated: 10 February 2026