Our Security Commitment
We protect your data and ensure the integrity of our platform—with practical, PH-aligned controls across DFY CRM + Payments.
Last reviewed:
Your Security Is Our Priority
At Done For You PH, we implement practical, industry-aligned safeguards to protect your data and keep our platform reliable. Our approach focuses on encryption, access control, monitoring, and incident response — built for the Philippine context and the way local businesses operate.
Security Program
Our security program covers people, process, and technology. We continuously review our controls and vendor posture.
- Risk-based Controls
Encryption in transit & at rest (where applicable), least-privilege access, environment isolation.
- Monitoring
Centralized logging, anomaly detection, and alerting for suspicious activities.
- Incident Response
Documented procedures, rapid triage, stakeholder comms, and post-incident reviews.
- Secure SDLC
Code review, dependency scanning, and change management for all releases.
Key Controls
PH-aligned
TLS for data in transit; encryption at rest for sensitive records where applicable.
Role-based permissions, MFA for privileged accounts, and audit trails.
Hardened cloud environments with network segmentation and least privilege.
Regular backups, integrity checks, and tested restoration procedures.
Dependency scanning, patch cadence, and risk-based remediation.
Peer reviews, CI checks, and secrets management across environments.
Best Practices We Follow
- Multi-factor authentication for admin and engineering access.
- Change management: reviews, approvals, and staged rollouts.
- DDoS & abuse protections via provider-level safeguards.
- Continuity planning with documented RTO/RPO targets.
Compliance & Regional Alignment
We align our privacy practices with the DPA 2012 and guidance from the National Privacy Commission (NPC), including purpose limitation, transparency, and data subject rights.
DFY Payments integrates with approved gateways (e.g., Xendit). They handle card data and PCI DSS obligations. We do not store full card PANs and rely on tokens/refs provided by the gateway.
Our cloud providers may process data outside the Philippines. We apply contractual and technical safeguards for cross-border transfers and maintain least-privilege access to production systems.
Report a Security Issue
If you discover a vulnerability or potential risk, please notify us privately so we can verify and fix the issue quickly.
- How to contact us
Email [email protected] with a clear description, steps to reproduce, and any proof-of-concept.
- What we’ll do
We’ll acknowledge receipt, triage severity, keep you updated, and push a fix as soon as possible.
We have a responsible disclosure mindset and won’t pursue legal action for good-faith research.
Security FAQ
Do you store full card numbers (PANs)?
No. Card data is handled by the payment gateway (e.g., Xendit). We receive tokens/refs only.
Can I request deletion of my data?
Yes. Subject to legal/regulatory obligations, you can email us to request deletion or access.
Where is my data stored?
Our providers may store/process data in multiple regions. We apply contractual and technical safeguards.
How do you handle incidents?
We have documented response procedures: triage, containment, remediation, and post-incident review with user notifications as required by law.