Trust & Security

Why Trust bridg.money?

At bridg.money, security, compliance, and reliability are the foundations of our platform. As a Technology Service Provider (TSP) working exclusively with RBI-licensed banks and regulated financial institutions, we are committed to safeguarding sensitive financial data and ensuring that all money movement on our platform adheres to the highest legal and technical standards.

Our mission is to ensure that your data and transactions remain secure, compliant, and always available. We combine strong governance, advanced technology, and continuous oversight to provide a platform trusted by merchants, banks, and regulators alike.

Security Practices

  • End-to-End Encryption: All data is encrypted using AES-256 standards when stored and protected with TLS 1.3 during transmission.
  • No Sensitive Storage: We do not store card CVV, PIN, Aadhaar biometrics, or other sensitive data beyond what is strictly necessary for compliance with RBI and AML guidelines.
  • Future PCI-DSS Readiness: While bridg.money does not currently process or store cardholder data directly, our infrastructure is designed to adopt PCI DSS controls if required in future collaborations with banks or card networks.
  • Role-Based Access Control (RBAC): All employee access is controlled by multi-factor authentication (MFA) and governed by the principle of least privilege.
  • Continuous Security Monitoring: 24×7 monitoring detects anomalies, intrusion attempts, or fraudulent activity in real time.
  • Regular Security Testing: Periodic vulnerability assessments and penetration tests (VAPT) are conducted by CERT-IN empanelled third-party auditors.
  • Independent Audits: Annual audits are performed to align with industry-recognised frameworks such as ISO/IEC 27001.
  • Employee Practices: All employees undergo background verification, sign NDAs, and complete mandatory security awareness training.

Compliance & Regulatory Alignment

  • RBI TSP & Payment Regulations: bridg.money operates strictly within the framework of the Payment & Settlement Systems Act, PMLA, and RBI Master Directions.
  • KYC/KYB Compliance: Our merchant onboarding (BridgOnboard & BridgVerify) ensures that all entities on the platform are verified in compliance with RBI AML/KYC requirements.
  • Data Protection Laws: We comply with the Digital Personal Data Protection (DPDP) Act 2023 and ensure fair and lawful processing of personal data.
  • Escrow & Pooled Account Structures: All merchant and customer funds are managed through escrow and pooled account arrangements that follow RBI-prescribed safeguards.
  • Reporting & Audit Trails: Automated reconciliation, STR/CTR filings, and regulatory reporting ensure transparency and accountability.
  • Regulatory Cooperation: We work closely with banks, FIU-IND, and regulators to ensure continuous alignment with evolving compliance expectations.
  • Vendor Risk Management: All critical third-party vendors (e.g., KYC providers, cloud services, SMS gateways) are assessed for compliance with security and data protection requirements before onboarding.

Infrastructure Reliability

  • High Availability: Our systems are designed with redundancy and disaster recovery measures to ensure uptime and resilience.
  • Multi-Bank Routing (BridgRoute): Transactions are intelligently routed across partner banks for better uptime and efficiency, reducing reliance on any single banking partner.
  • Disaster Recovery Protocols: Data is backed up regularly, and recovery processes are tested to meet operational continuity standards.
  • API Scalability: bridg.money APIs are designed to process large transaction volumes efficiently, without compromising security.
  • Business Continuity: RTO ≤ 1 hour and RPO ≤ 15 minutes for critical services; quarterly DR drills validate readiness.

Data Privacy & Rights

  • Data Minimisation: We collect only the information necessary to provide services and meet regulatory obligations.
  • No Sale of Data: bridg.money does not sell or rent personal data to advertisers or third parties.
  • Privacy by Design: Every feature we build incorporates privacy and data protection principles from inception.
  • Merchant Control: Merchants have rights to access, correct,port, or request deletion of their data subject to applicable laws and retention requirements.
  • Cross-Border Safeguards: International transfers, if required, are protected through Standard Contractual Clauses (SCCs) or equivalent safeguards.

Incident Management & Response

  • Breach Notification: In the event of a security breach that poses a risk to users, bridg.money will notify affected users and regulators as required under the DPDP Act, RBI guidelines, and other applicable laws.
  • Dedicated Response Team: A specialised incident response team ensures that any issue is investigated and remediated promptly.
  • Responsible Disclosure: We encourage ethical security researchers to responsibly disclose vulnerabilities to us at security@bridg.money
  • Incident Response SLAs: Critical incidents acknowledged within 24 hours; root cause analysis and closure report within 10 days.

Certifications & Assurance

We follow industry-leading practices and only claim certifications that we have formally achieved. Current compliance measures include:

  • ISO/IEC 27001 (under audit process) – Information Security Management System.
  • Regular third-party VAPT reports available to banking partners upon request.

We do not claim PCI DSS, SOC 2, or other certifications until formally obtained. However, our infrastructure and policies are designed to adopt these frameworks as business and regulatory needs evolve.

Contact Us

  • Security Team: security@bridg.money
  • Grievance Officer / Nodal & Compliance Officer: Ms. Priya Sharma
  • Registered Office: Bridg Financial Technologies Pvt. Ltd., WorkFlo Ranka Junction, Property No. 224, 3rd Floor, #80/3, Old Madras Road, Bengaluru 560016, India
  • Phone: +91 76765 12809

Optional Website Enhancements

  • Visual Compliance Badges: RBI TSP alignment, ISO 27001 (in progress).
  • Trust by Numbers:Highlight uptime percentage, number of merchants onboarded, and transactions processed securely.
  • Dedicated FAQ Section: Answer common security questions clearly (e.g., “Where is my data stored?” “How does escrow work?”).
  • Annual Transparency Report: Share statistics on uptime, security incidents, and compliance audits.
  • Certification Roadmap: Communicate future compliance milestones (e.g., SOC 2, PCI DSS if required, ISO 22301 for business continuity).