Security Policy

1. Introduction

At 11Exch, safeguarding user information and platform integrity is our highest priority.
This Security Policy defines the technical and organizational measures we use to protect data against unauthorized access, breach, or loss.
It operates in conjunction with the Compliance & Security policy, the Privacy Policy, and the Data Protection Policy.


2. Purpose & Scope

This policy covers:

  • All digital operations of https://11exchzone.com and associated sub-domains.

  • Data collected from users, affiliates, advertisers, and employees.

  • Internal servers, databases, and cloud infrastructure used for ID and affiliate facilitation.

It applies to every staff member and partner authorized under the Compliance & Licensing framework.


3. Security Governance

11Exch maintains a dedicated Information Security Management System (ISMS) aligned with ISO 27001.
Governance is managed by the Chief Security Officer (CSO) and the Compliance Department, who oversee:

  • Policy implementation and risk assessment.

  • Vulnerability testing and incident response.

  • Periodic employee training and vendor evaluation.


4. Core Security Principles

Our security ecosystem is built on four foundations:

Principle | Objective | Linked Policy
Confidentiality | Protect all personal and financial data from unauthorized access. | Privacy Policy
Integrity | Ensure data remains accurate and unaltered through controls and logs. | Data Protection Policy
Availability | Maintain uninterrupted service with redundant servers and backups. | Compliance & Security
Accountability | Track access and changes via secure audit trails. | Transparency Report

5. Encryption & Data Protection

All information transmitted through our platform is protected by:

  • 256-bit SSL/TLS encryption for data in transit.

  • AES-256 encryption for data at rest.

  • Tokenized user identifiers for anonymized processing.

  • Secure password hashing using Bcrypt with salt.

Encryption keys are rotated regularly and stored in isolated vaults under multi-factor access.


6. Access Control

Access to data and infrastructure is granted strictly on a least-privilege basis.

  • All employees use MFA (logins + OTP).

  • Administrative privileges are granted only after security clearance.

  • Access logs are monitored 24×7 to detect anomalies.

Violations trigger automated alerts and manual review under the User Trust & Conduct policy.


7. Infrastructure Security

Our servers are housed in tier-III data centers with:

  • Biometric entry control and 24×7 CCTV surveillance.

  • Firewall protection with DDoS mitigation.

  • Regular patch management and firmware updates.

  • Geo-redundant backups to ensure data continuity.

All vendors are audited under the Compliance & Licensing policy.


8. Monitoring & Threat Detection

We deploy advanced monitoring systems to detect suspicious activities in real time:

  • Intrusion Detection System (IDS) and Security Information & Event Management (SIEM).

  • Daily log review for failed logins, IP anomalies, and unusual data flows.

  • Automated lockout after multiple failed attempts.

Findings are reviewed during quarterly audits and summarized in the Transparency Report.


9. Incident Response Protocol

In case of any security incident or data breach, 11Exch follows a strict Incident Response Plan:

  1. Immediate containment and system isolation.

  2. Root-cause analysis by the Security Team.

  3. User notification within 72 hours (if data is affected).

  4. Remedial patch deployment and prevention review.

  5. Regulatory report submission under the Compliance & Security framework.


10. Data Backup & Recovery

  • Automatic daily backups stored in encrypted cloud vaults.

  • Weekly off-site replication for disaster recovery.

  • Tested recovery time objective (RTO) of less than 3 hours.

These measures ensure business continuity during system failures or natural disasters.


11. Third-Party Security

All third-party vendors, advertisers, and software providers must:

  • Undergo security due-diligence before onboarding.

  • Comply with our Data Protection Policy.

  • Sign a binding Non-Disclosure Agreement (NDA).

  • Adhere to GDPR and DPDP 2023 standards.

Non-compliance leads to immediate termination and reporting under Compliance & Licensing.


12. User Awareness & Security Education

We empower users to protect their own accounts through:


13. Employee Security Training

Every employee and contractor undergoes mandatory training on:

  • Data privacy & encryption protocols.

  • Incident response and breach notification procedures.

  • AML & fraud awareness.

  • Cyber-ethics and professional conduct.

Training sessions are renewed bi-annually as outlined in the Compliance & Security policy.


14. Risk Assessment & Audits

We perform routine security audits to evaluate risk exposure:

  • Quarterly internal vulnerability assessments.

  • Annual third-party penetration testing.

  • Compliance audits against ISO 27001 controls.

Results and corrective actions are summarized in our Transparency Report.


15. Fraud & Abuse Prevention

Our system automatically detects and flags fraudulent activities such as:

  • Fake ID requests or duplicate accounts.

  • Manipulation of affiliate links.

  • Automated bot registrations.

  • Abnormal financial patterns.

All fraud alerts are handled in coordination with the Compliance & Licensing and Grievance Redressal teams.


16. Data Retention & Deletion

User data is retained only as long as necessary to meet operational or legal requirements.
Upon account closure or expiry, data is:

  • Anonymized for analytics use, or

  • Permanently deleted within 90 days.

All deletions are logged and verified per the Data Protection Policy.


17. Security Testing & Bug Reporting

We encourage ethical hackers and security researchers to report vulnerabilities responsibly.
Reports can be sent to security@11exch.com with a detailed description and proof of concept.
All verified reports are acknowledged within 48 hours and rewarded under our internal Bug Bounty Program.


18. User Responsibilities

While we maintain robust security controls, users are expected to:

  • Keep login credentials confidential.

  • Avoid sharing accounts or devices.

  • Report suspicious activity immediately.

  • Follow all community guidelines under User Trust & Conduct.


19. Reporting Security Incidents

If you believe your account or data has been compromised, please notify us immediately at:
📧 security@11exch.com
📩 grievance@11exch.com
🌐 Use the Contact Us form with the subject “Security Incident Report”.

We respond within 24 hours and resolve critical cases within 72 hours.


20. Policy Review & Updates

This Security Policy is reviewed semi-annually and updated to reflect new technological or regulatory developments.
All changes are recorded in the Corrections & Updates section for public reference.


21. Disclaimer

While we implement industry-standard controls, no system is completely immune to cyber threats.
By using 11Exch, you acknowledge these risks and agree to the limitations outlined in the Disclaimer and Terms & Conditions.


🕓 Last Updated: October 15, 2025
© 2025 11Exch. All Rights Reserved.
See our Transparency Report for annual security audit summaries and incident metrics.
