receiva | Privacy & Data Protection

Encryption Standards

AES-256 encryption at rest and TLS 1.3 for data in transit.

Encrypted backups with separate key management controls.

Managed key vault/KMS approach, with key rotation every 90 days and HSM support.

Rate limits, API key controls, request signing, and access governance are documented.

Transactional data retention: 7 years. Audit logs: 5 years. User activity logs: 3 years.

Privacy and security frameworks documented: GDPR, NDPR, and PCI DSS-aligned controls.