Privacy and Security
Know the implementations and good practices of Cuvex
The best way to guarantee the security and privacy of our customers' data is not to store customer data, beyond what is strictly necessary.
​
In the designed purchase flow, our customers can buy our products with the guarantee that their data is safe, during the period in which we handle it and that it will be deleted in the shortest possible time.
​
In the case of requesting the delivery of your order directly to your home or to a usual address such as your work, this information will only be stored in encrypted form on our servers and we will only keep it for the time strictly necessary, being deleted from our servers when the order has been delivered.
Additionally, only for those customers who request a nominative invoice, we will be obliged to store the information necessary for the issuance of this invoice, during the term that the law obliges us.
​
In any case, due to our status as expert consultants in computer security and payment methods, all our infrastructure of servers, systems and databases, are by default implemented under the highest standards of the industry, being any data of our clients encrypted from the moment it is stored, until the moment it is deleted.
Some of the most important actions we take to ensure the privacy and security of a computer system containing customer data include
1. We implement robust security policies and update them regularly.
2. We install updated security software, such as a firewall, event correlators, an antivirus, ...
3. We keep all software and operating systems updated with the latest security fixes.
4. We implement strong authentication, such as strong passwords and two-factor authentication.
5. We regularly back up important data.
6. We encrypt sensitive data when storing and transmitting it.
​
7. We control and monitor access to systems and data.
8. We limit access to data to only the people who need it to do their jobs.
9. We install intrusion detection software to detect and prevent attacks.
​
10. We conduct penetration testing regularly to identify security weaknesses.
11. We use network security techniques, such as network segmentation.
12. We configure the firewall to block unwanted traffic.
​
13. We monitor and control user permissions.
14. We educate employees about the importance of safety and how to maintain it.
​
15. We keep privacy policies updated and inform customers about how their data is handled.
16. We are transparent about the data that is collected and how it is used.
17. We have a backup and recovery plan in case of a security outage.
18. We ensure compliance with relevant laws and regulations, such as GDPR and CCPA.
19. We protect data upon termination or discontinuation of the use of a system or device.
20. We conduct regular security audits to verify compliance with security policies and procedures.
​
21. Protection of critical systems and data from solar storms by saving anti-disaster copies in Faraday Cages. Learn more from here.
Cuvex App
Zero Knowledge Policy
The Cuvex App is designed based on a strict Zero Knowledge policy.
Cuvex does not request, store or manage any identifying data of users.
For example, unnecessary permissions such as GPS location are not requested. The permissions that are requested are strictly necessary for required functionalities.
But in addition, no personal data is required to use it, any customer can use the App and manage their Cuvex cards without indicating in the App any personal data, not even their email.
Any card management data, such as Alias, balance or transactions, is stored in the secure element of the Smartphone itself, we will never have access to such data on Cuvex servers.
The Balance Alerts service in Watch Only mode, shares with our servers only the Public Key of the Wallets that the user activates only for this service, without any other personal or identification data of the user.
The public key is necessary so that our block explorer engine has the ability to identify any transaction linked to it and can send a Push Notification to the App in order to inform the user in real time of reductions or increases in balance, being the App the one that stores locally the new information received.
Our block scanning and push notification process are completely anonymized by design, as we do not store any data from the notification process, removing all non-binding information from our systems once it is sent to the requesting App.
But most importantly, we do not have the ability to link a customer to a public key and neither would any third party who could access our systems, even if they accessed them with a court order.