Kreddi maintains enterprise-grade security controls with a formal Information Security Management System aligned to ISO 27001:2022.
All customer data is encrypted with AES-256 at rest and TLS 1.2+ in transit. Database connections require SSL. Access is restricted to authorised personnel with multi-factor authentication enforced on every system. Row-level security ensures customers can only ever see their own data.
We run 24/7 security monitoring across application, database, and infrastructure layers with real-time alerting and defined escalation procedures. We maintain a formal incident response plan with documented playbooks, severity levels, and response SLAs. We comply with the Notifiable Data Breaches scheme and have established OAIC notification procedures.
All technology partners are independently certified -- our infrastructure providers hold SOC 2 Type 2 certification, and payment processing is PCI DSS Level 1 compliant. We never store card data. Every supplier undergoes security assessment, and we maintain Data Processing Agreements with all providers who handle personal information.
For detailed security information or to request our full security documentation, get in touch.