Trust Statement

This Trust Statement describes the general security, confidentiality, data protection and operational practices of PT NEXT TECH SOFTWARE (“Company”, “we”, “us”, “our”) in connection with software development, implementation, integration, support, maintenance and related technology services

Use of this website and the general terms applicable to our services are governed by our Terms of Service

This statement is provided for general informational purposes. Project-specific security, hosting, backup, audit, support, service level, incident notification or compliance requirements are agreed separately in the applicable proposal, Statement of Work, service agreement, security addendum or other written agreement

1. Company Information

This website is operated by:

2. Our Role

The Company provides B2B software development and technology services

The Company acts solely as a technology services provider. We do not provide banking, payment, e-money, investment, lending, crypto-asset, wallet, custody, remittance, acquiring, card issuing or other regulated financial services

Where a client project involves regulated functionality, the client and/or its licensed financial service providers remain responsible for all required licences, approvals, KYC/AML, sanctions screening, transaction monitoring, customer onboarding, customer disclosures and other regulated obligations

Nothing on this website should be interpreted as an offer to provide regulated financial services

3. Security Approach

We apply reasonable technical and organisational measures designed to protect client information, project materials, access credentials, source code, systems and personal data against unauthorised access, loss, misuse, alteration or disclosure

Our security approach is based on practical controls appropriate for a B2B software development and technology services provider, including controlled access, confidentiality obligations, secure handling of credentials, project-based access restrictions and incident escalation procedures

Project-specific security requirements may be agreed separately depending on the nature, risk profile and technical scope of the client engagement

4. Access Control

Access to client systems, repositories, project documentation, infrastructure, communication tools and other project resources is limited to personnel who need such access for service delivery

Where supported by the relevant systems and tools, we use authentication, role-based permissions and need-to-know access principles

Access may be reviewed, modified or removed when project requirements change, personnel roles change or the client engagement ends

5. Confidentiality

We treat client information, project documentation, technical materials, credentials, source code, business information and non-public communications as confidential

Personnel, contractors and service providers who may access client information are expected to follow confidentiality obligations and use such information only for the purpose of delivering the agreed services

6. Credential Handling

Credentials, API keys, tokens, passwords, administrative access and other sensitive access information are handled with care and used only for authorised project purposes

Clients are encouraged to provide individual user accounts, limited permissions and temporary access where possible

Production access should be limited to what is necessary for the agreed scope of work and should be revoked or adjusted when no longer required

7. Software Development Practices

Our software development practices may include, depending on the project scope:

• project planning and technical documentation
• source code management
• code review or peer review where appropriate
• issue tracking and change management
• testing before deployment
• use of reputable tools, frameworks and third-party services
• reasonable review of third-party dependencies where relevant
• controlled deployment processes

Specific development, testing, deployment, security or acceptance requirements are agreed separately in the relevant proposal, Statement of Work or service agreement

8. Data Protection

We process personal data in accordance with our Privacy Policy and, where applicable, our Data Processing Agreement

Where we process personal data on behalf of a client, we process such data only for the purpose of providing the agreed services and in accordance with the client’s documented instructions

We do not intentionally process sensitive personal data unless it is necessary for a specific project and appropriate safeguards are agreed

9. Backups and Recovery

Backup, recovery, disaster recovery, hosting, uptime and retention arrangements depend on the technical architecture, hosting model, project requirements and applicable agreement

Where the Company is responsible for hosting, maintenance or backup-related services, the relevant scope, responsibilities, retention periods, recovery expectations and service levels should be agreed in the applicable Statement of Work, service agreement or support plan

Where the client controls hosting or infrastructure, the client remains responsible for backup, recovery, availability and infrastructure security unless otherwise agreed in writing

10. Incident Response

If we become aware of a security incident affecting client information, personal data, systems or project resources under our responsibility, we will take reasonable steps to assess, contain and address the incident

Where an incident affects a client project or client-controlled data, we will notify the client without undue delay after becoming aware of the incident and cooperate reasonably with investigation and remediation

The client remains responsible for any regulatory, customer, user or public notifications unless otherwise required by applicable law or agreed in writing

11. Third-Party Providers

We may use third-party providers for hosting, cloud infrastructure, development tools, project management, communication, analytics, security, backup, accounting, legal or other business operations

Where third-party providers process personal data on behalf of a client project, such processing may be subject to our Data Processing Agreement or other agreed data protection terms

We use reputable providers and apply reasonable contractual or operational safeguards appropriate to the nature of the service

Specific hosting providers, cloud platforms, subprocessors or technical tools may be agreed with the client where required by the project scope or applicable agreement

12. Client Responsibilities

Clients are responsible for:

• providing accurate project requirements and timely instructions
• granting only the access necessary for project delivery
• maintaining the security of client-controlled systems, accounts and infrastructure
• ensuring that client-provided data, materials and instructions are lawful
• obtaining required licences, consents, notices and approvals
• reviewing and testing deliverables before production use
• complying with laws and regulations applicable to their business, users and industry

13. No Certification Claims

Unless expressly stated in writing, the Company does not claim to be certified under ISO 27001, SOC 2, PCI DSS or any other specific security, privacy or compliance certification

Our controls are designed to align with reasonable industry practices for B2B software development and technology services. Any project-specific certification, audit, regulatory or security requirement must be agreed separately in writing

14. Responsible Client Engagement

The Company does not knowingly provide services for projects designed to facilitate fraud, money laundering, sanctions evasion, unlicensed financial services, illegal gambling, unlawful surveillance, deceptive marketing, infringement of third-party rights or other unlawful activities

The Company may refuse, suspend or terminate cooperation where it reasonably believes that a project, client instruction, requested functionality or intended use may be unlawful, misleading, harmful, abusive or inconsistent with the Company’s legal, security, reputational or compliance obligations

15. Changes to This Trust Statement

We may update this Trust Statement from time to time to reflect changes in our practices, services, technology, business operations or legal requirements

The updated version will be published on this website with a revised “Last updated” date

16. Contact

For security-related questions, please contact: