PAYMENT SECURITY POLICY

Version 01 – Effective from April 1, 2025

1. Security Commitment

The card payment system is provided by licensed Payment Gateway Partners operating legally in Vietnam.
Accordingly, the card payment security standards on Breezing.In’s e-commerce platform comply with recognized industry security protocols.

2. Security Regulations

2.1 Security for International Cards and Domestic Cards (Internet Banking)

Breezing.In’s payment policy adheres to the high security standards set by our Payment Gateway Partners, including:

• (i) Customer financial information is protected via SSL (Secure Sockets Layer) protocol.

• (ii) Compliance with the PCI DSS (Payment Card Industry Data Security Standard), certified by Trustwave.

• (iii) Use of One-Time Passwords (OTP) via SMS to authenticate account access.

• (iv) Application of 128-bit MD5 encryption.

• (v) Adherence to the security principles and regulations of the financial and banking industry, as mandated by the State Bank of Vietnam.

2.2 Security of Payment Transactions on Breezing.In

Breezing.In ensures the following in payment transaction security for customers:

• (i) Breezing.In offers token storage functionality, which only retains encrypted token strings provided by the Payment Gateway Partner.

• (ii) Breezing.In does not store customers’ card information directly; Payment Gateway Partners are legally authorized to ensure the security of card payment data.

• (iii) For international cards, payment card information is not stored on Breezing.In’s system but is encrypted and stored by the Payment Gateway Partner.

• (iv) For domestic cards (internet banking), Breezing.In only stores the order code, transaction code, and bank name.

Breezing.In is committed to taking all necessary security measures to ensure the safety of all customer transactions conducted on its software platform.