Secure Pay
Last update: 18th April, 2026
At Durosign, we are committed to maintaining the highest standards of payment security and data protection. This Payment Security Policy outlines the measures implemented to safeguard your financial information in compliance with applicable laws, including the Information Technology Act, 2000 (India) and globally recognized data protection principles such as the General Data Protection Regulation (GDPR).
1. Legal Compliance & Regulatory Framework
Durosign.in ensures that all payment processing activities adhere to:
• The provisions of the Information Technology Act, 2000, including rules relating to data protection and reasonable security practices
• Applicable rules under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• International best practices aligned with GDPR principles, including data minimization, purpose limitation, and lawful processing
• Payment Card Industry Data Security Standards (PCI DSS)
By using our website, you acknowledge and consent to the processing of your data in accordance with this policy.
2. Data Encryption & Secure Transmission
All financial transactions conducted on Durosign.in are secured using industry-standard encryption protocols:
• We use Transport Layer Security (TLS) to encrypt data transmitted between your device and our servers
• Encryption ensures that sensitive information is unreadable to unauthorized parties
• Secure HTTPS protocols are enforced across all payment pages
3. Data Processing & Storage Limitations
In compliance with legal requirements:
• Durosign.in does not store complete payment card details on its servers
• Sensitive payment information is processed securely through certified third-party providers
• Data collection is limited to what is necessary for transaction processing and legal compliance
• Personal data is retained only for as long as required under applicable laws
4. Tokenization & Data Protection
We implement tokenization to enhance data security:
• Payment details are replaced with randomly generated tokens
• Original data is stored in secure, PCI-compliant environments
• Tokens are meaningless if intercepted, preventing misuse
5. Authentication & Customer Verification
To prevent unauthorized transactions, we enforce strong authentication measures:
• Two-Factor Authentication (2FA) where applicable
• 3D Secure (3DS) authentication for card payments
• Risk-based authentication protocols to detect suspicious behavior
These measures align with Strong Customer Authentication (SCA) principles under GDPR.
6. PCI DSS Compliance
Durosign.in operates on Shopify, which is designed to securely process, store, and transmit payment data.
7. Secure Payment Gateways
All payments are processed via secure and certified gateways:
• End-to-end encryption of transaction data
• Compliance with PCI DSS and international security protocols
• Secure authorization between customer, merchant, and financial institutions
8. Fraud Prevention & Monitoring
We employ advanced fraud detection and prevention systems:
• Real-time transaction monitoring and risk scoring
• Identification of suspicious activity, including proxy or VPN usage
• Automated fraud alerts and manual review processes
• Chargeback management and dispute resolution mechanisms
9. Network Security & System Protection
We maintain robust technical safeguards, including:
• Firewalls and intrusion prevention systems
• Restricted access controls and authentication protocols
• Network segmentation and monitoring
• Periodic security audits and vulnerability assessments
10. Security Updates & Incident Management
• Regular application of security patches and updates
• Continuous monitoring for emerging threats
• Defined incident response plan in case of data breaches
• Timely notification to affected users and authorities, as required by law
11. Data Subject Rights (GDPR Principles)
Where applicable, users may exercise the following rights:
• Right to access personal data
• Right to correction or erasure
• Right to restrict or object to processing
• Right to data portability
Requests may be submitted via our contact details below.
12. User Responsibility
Users are responsible for maintaining the confidentiality of their account credentials and must:
• Not share OTPs or passwords
• Use secure devices and networks
• Report any suspicious activity immediately
Durosign.in shall not be liable for unauthorized transactions arising due to user negligence.
13. Limitation of Liability
While Durosign.in implements industry-standard security measures, no digital platform can guarantee absolute security. To the fullest extent permitted by law:
• Durosign.in shall not be liable for indirect or consequential losses arising from unauthorized access beyond its reasonable control
• Liability, if any, shall be governed in accordance with applicable laws in India
14. Governing Law & Jurisdiction
This policy shall be governed by and construed in accordance with the laws of India. Any disputes arising shall be subject to the exclusive jurisdiction of courts located in Pune.
Contact Information
For any questions regarding this Payment Security Policy or data protection practices: support@durosign.in