My Insurer Private Limited – Singapore based company No. 201903812R - (“we” or “us”) is the operator of the software MY INSURER -  www.my-insurer.net (the “Website”), a customer relationship tool, and the mobile application WELLNEX (the "App"), a free rewarding membership program designed to facilitate access to budget-friendly quality Healthcare, supplemented by Wellness and Lifestyle offers, calibrated thanks to Users' data profiles. 


We are committed to:

  • Follow any best practices, guidelines, requirements of the privacy and insurance policy applicable in any countries where MY INSURER operates
  • Comply to any Insurance rules, laws & regulations applicable in any countries where MY INSURER operates
  • Comply to any Data (storage, flow, ownership) protection act, laws & regulations applicable in any countries where MY INSURER operates
  • Make the user journey as enjoyable, safe, clear and lean as possible


Should you have any queries or feedback with regards to data, please send us an email to data@my-insurer.net

My Insurer Private Limited takes data protection very seriously.

We have a strict and rigorous governance in place organised through different levels which includes storage of data.


Data are currently hosted into Microsoft AZURE Cloud and located in Singapore Server.



Network Security

All our servers are protected by a network firewall and connections are encrypted using the industry standard SSL encryption.


MTSC Certified

Microsoft Azure is Singapore Multi-Tier Cloud Security Standard (MTCS SS 584) Level-3 (CSP) certified together with other global certifications such as the ISO 27001 (Security Management Controls) and ISO 27018  (Personal Data Protection)


OWASP Security Design Principles

Our platform is designed and implemented against the OWASP top 10 vulnerabilities. OWASP provides a comprehensive list of security design principles. And by following these principles the portal and mobile app are secure and dramatically reduces the risk of a successful cyber attack.


For the Web application and online services, the OWASP Top ten list served as a guide and the domains tested for are listed below:

  •  SQL Injection Flaws.

  •  Cross Site Scripting (XSS).

  •  Malicious File Execution.

  •  Insecure Direct Object Reference.

  •  Cross Site Request Forgery (CSRF).

  •  Information Leakage and Improper Error Handling.

  •  Broken Authentication and Session Management.

  •  Insecure Cryptographic Storage.

  •  Insecure Communications.

  •  Failure to Restrict URL Access.


For the Mobile app:

  • A1-Injection

  • A2-Broken Authentication and Session Management

  • A3-Cross-Site Scripting (XSS)

  • A4-Insecure Direct Object References

  • A5-Security Misconfiguration

  • A6-Sensitive Data Exposure

  • A7-Missing Function Level Access Control

  • A8-Cross-Site Request Forgery (CSRF)

  • A9-Using Components with Known Vulnerabilities

  • A10-Unvalidated Redirects and Forwards




SSL ENCRYPTION

All traffic to and from our servers are protected by SSL. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser and a mobile app.



In-House Security Protocol

  • my-insurer operate on the strictest set of security mandates and governance
  • Password Authentication & Protection
  • Private/Public keys with password protection are required to access to our servers.
  • Authorised Access
  • Data access is governed by strict role-based access controls.
  • Employees Training and Development
  • All employees are mandated to attend regular Data Protection and Cyber Security training to ensure security awareness and knowledge of latest security threats.