Compliance

Last updated: June 21, 2026

Our Compliance Commitment

At HSRCPAY, we continuously work to meet legal requirements and industry standards. Protecting our customers and their data is a top priority.

1. Data Protection Regulations

KVKK (Law on Protection of Personal Data)

HSRCPAY complies with Turkey's Law No. 6698 on the Protection of Personal Data (KVKK):

  • Transparency in processing personal data
  • Protection of data subject rights
  • Secure processing and storage of data
  • Data breach notification obligations
  • Appointment of a data protection officer

GDPR (General Data Protection Regulation)

For customers in the European Union, we meet GDPR requirements:

  • Data subject rights (access, correction, erasure, portability)
  • Legal bases for processing
  • Data protection impact assessments (DPIA)
  • Data breach notifications (within 72 hours)
  • Appointment of a Data Protection Officer (DPO)

2. Payment Industry Standards

PCI-DSS (Payment Card Industry Data Security Standard)

With PCI-DSS Level 1 certification, we ensure payment card data is processed securely:

  • Secure network architecture and firewalls
  • Protection of cardholder data
  • Strong access control measures
  • Network monitoring and testing
  • Security policies and procedures

3. Financial Regulations

AML (Anti-Money Laundering) / KYC (Know Your Customer)

We comply with anti-money laundering and customer identification requirements:

  • Customer identity verification
  • Suspicious activity reporting
  • Transaction monitoring and analysis
  • Compliance with legal requirements

Financial regulations

Compliance with applicable financial regulations:

  • Banking regulations
  • Payment services regulations
  • Financial reporting requirements
  • Safeguarding of customer funds

4. ISO Standards

Our work toward international standards includes:

  • ISO 27001: Information security management system
  • ISO 27017: Cloud security
  • ISO 27018: Cloud privacy
  • ISO 22301: Business continuity management

5. Audits and Certifications

We obtain regular independent audits and certifications:

  • Annual PCI-DSS audits
  • Vulnerability assessments
  • Code security reviews
  • Infrastructure security assessments
  • Third-party security audits

6. Reporting and Transparency

We provide transparency about our compliance posture:

  • Regular compliance reports
  • Security incident notifications
  • Data breach notifications (as required by law)
  • Customer communications

7. Continuous Improvement

Our compliance program is continuously improved:

  • Tracking and assessing new regulations
  • Applying industry best practices
  • Training and awareness programs
  • Technology updates
  • Risk assessments

8. Third-Party Compliance

We ensure all third-party service providers we work with meet compliance standards:

  • Vendor evaluation and selection processes
  • Compliance agreements
  • Regular vendor audits
  • Transfer of security requirements

9. Compliance Responsibilities

Our compliance program is managed by the following teams:

  • Compliance team: Management of the compliance program
  • Security team: Implementation of security standards
  • Legal team: Monitoring legal requirements
  • Risk management: Risk assessments and management

10. Contact

For compliance-related questions:

  • Company: Phine Up LLC
  • Founder: Mustafa Hasircioglu
  • Compliance team: compliance@hsrcpay.com
  • General contact: info@hsrcpay.com
  • Phone: 0850 303 28 63
  • Address: 30 N Gould St # 45126, Sheridan, WY 82801, United States