ebanx terms & conditions

Information Security Policy

March 21, 2025

EBANX recognizes the responsibility to protect all data and information processed, regardless of whether it belongs to EBANX, partners or third parties. By protecting this data and information, we can ensure that we maintain our reputation as a trusted employer and partner, allowing us to grow as a business and providing incredible services to promote the success of any client.


To demonstrate our commitment to Information Security and data protection, EBANX implements the best practices of Information Security and Privacy controls recommended by the market.


It is the responsibility of all ebankers, regardless of their level, to familiarize themselves with and comply with our Information Security, Privacy and Personal Data Governance policies, our Information Security and Privacy Management System.


With the growth of the company, EBANX recognizes that its responsibilities and scope have become more complex, aiming at the most demanding standards of Information Security and Privacy. This requires EBANX to evolve by ensuring that the entire company is aware, engaged and organized to maintain compliance with these standards and the other norms of our Information Security and Privacy Management System.


In this way, our Information Security and Privacy Management System is structured based on the following objectives:

1. Comply with the requirements of our contracts with our customers and comply with the regulations and legislation applicable to our business.

2. Establish, maintain and continuously improve EBANX's Information Security and Privacy Management System in order to mitigate the risks associated with the Confidentiality, Integrity and Availability of personal information and data;

3. Ensure that all EBANX employees and any other parties acting on behalf of EBANX are aware of their responsibilities regarding Information Security and Privacy.

It is the duty of senior management and other leaders to ensure that all the resources necessary to comply with the requirements of our SGSIP are available and that their execution is effective and effective. The C‐Level fully supports the Information Security and Privacy policies, standards and procedures and actions related to the operation, maintenance and improvement of the controls and processes required by ISO/IEC and PCI-DSS certifications and requires all ebankers, partners and third parties to do the same.

João Del Valle – CEO


Introduction and Objectives

The Information Security Policy provides guidance for compliance with legal and regulatory requirements, as well as orienting the management of Information Security and Privacy risks, to maintain the Confidentiality, Integrity, and Availability of information assets and technological resources owned or maintained by EBANX.


The goals of this Policy are:


  • Comply with relevant regulations and legislation and contractual requirements with strategic partners;

  • Ensure that all ebankers and any other parties acting on behalf of EBANX are aware of their responsibilities regarding Information Security and Privacy;

  • Define, establish and maintain effective security controls to protect the information assets under EBANX's control against threats or violations of Confidentiality, Integrity and Availability of information. 




Information Security principles


To maintain the excellence of EBANX's services, one of our priorities is the commitment to the security of the information under our responsibility. This commitment is embodied in this Policy, which is based on the following principles:

  • Confidentiality: property that ensures that only authorized people or systems have access to certain information;

  • Integrity: property that ensures that only authorized people or systems perform the modification of certain information; 

  • Availability: property that ensures that information is available to authorized persons;

  • Authenticity: the assurance that the information provided originates from the stated source of that the author of the information is actually the stated author;

  • Non-repudiation: the guarantee that the person who signed or created the information will not deny it.


The above principles aim to protect information from various types of threats, ensure business continuity, prevent damages, and maximize return on investment and business opportunities.


For matters related to Information Security, please contact us at: infosec@ebanx.com