Security & PDPA Overview

Last Updated: January 30, 2026

Executive Summary

MatterGuard is designed with security and compliance at its core. This document provides an overview of our security architecture, data protection practices, and PDPA compliance measures for law firms evaluating our platform.

Data Encryption

  • TLS 1.3 for all data in transit
  • AES-256 encryption at rest
  • Encrypted database backups

Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication
  • Segregation of duties enforced

Audit & Monitoring

  • Comprehensive audit logging
  • Real-time security monitoring
  • 7-year audit log retention

Infrastructure

  • ISO 27001 certified data centers
  • 99.9% uptime SLA
  • Automated failover & recovery

PDPA Compliance

MatterGuard is designed to help law firms comply with the Personal Data Protection Act 2012 (PDPA) of Singapore. Key compliance features include:

Consent Management

Track and document consent for data processing

Purpose Limitation

Data used only for stated KYC/AML purposes

Access & Correction

Tools to respond to data subject requests

Data Protection

Technical safeguards exceeding PDPA requirements

Retention Limits

Configurable retention with secure deletion

Transfer Safeguards

Compliant international data transfers

Security Architecture

Layer          Controls
Network        Web Application Firewall (WAF), DDoS protection, VPC isolation, intrusion detection/prevention
Application    Input validation, CSRF protection, XSS prevention, secure session management, rate limiting
Data           Encryption at rest (AES-256), encryption in transit (TLS 1.3), key management via HSM
Identity       OAuth 2.0, MFA, role-based access control, session timeout, password policies
Operational    24/7 monitoring, incident response procedures, regular penetration testing, vulnerability scanning

Incident Response

Our incident response process ensures rapid detection, containment, and resolution of security incidents:

  1. Detection: Automated monitoring and alerting systems identify potential security events within minutes
  2. Triage: Security team assesses severity and impact within 1 hour
  3. Containment: Immediate actions to limit scope and prevent further damage
  4. Notification: Affected clients notified within 72 hours. This aligns with the PDPA's mandatory data breach notification obligation, under which a notifiable breach must be reported to the PDPC no later than 3 calendar days after it is assessed as notifiable, and affected individuals must be notified as soon as practicable
  5. Remediation: Root cause analysis and permanent fixes implemented
  6. Review: Post-incident review and process improvements

Certifications & Compliance

SOC 2

Type II attestation report (available on request; SOC 2 is an auditor's attestation, not a certification)

ISO 27001

Hosting data centers certified

PDPA

Designed to support compliance with Singapore's Personal Data Protection Act 2012

Security Contact

For security inquiries, vulnerability reports, or to request our SOC 2 report:

MatterGuard Pte. Ltd.

Security Team: [email protected]

For urgent security matters, please include "URGENT" in the subject line.

© 2026 MatterGuard Pte. Ltd. All rights reserved.

Document Version: 1.0 | Last Updated: January 30, 2026