Data Security Policy

1. Encryption

  • All data is transmitted over TLS 1.2 or higher
  • Data at rest is encrypted using AES-256

2. Access Controls

  • Role-based access controls (RBAC) are in place
  • Least privilege access is enforced for all users
  • All admin and developer access requires two-factor authentication
  • Shared or hardcoded credentials are prohibited

3. Monitoring and Logging

  • All access to personal data is logged, including user ID, IP address, timestamp, and action
  • Logs are retained for 90 days or longer
  • Abnormal or unauthorized access is flagged with alerts

4. Penetration Testing

  • Annual penetration tests are conducted by third-party security firms
  • All critical vulnerabilities are patched within 30 days of discovery

5. Patch and Vulnerability Management

  • Systems are scanned weekly for vulnerabilities
  • Critical updates are applied within 7 days; other updates within 30 days

6. Incident Response

  • Security incidents are investigated immediately
  • Affected users and partners are notified within 72 hours
  • All security events are documented and reviewed

7. Hosting and Infrastructure

  • Systems are hosted on AWS, which is SOC 2 and ISO 27001 certified
  • Daily backups are encrypted and tested monthly
  • Infrastructure is protected with firewall, DDoS protection, and monitoring systems

8. Data Lifecycle Management

  • Automated systems handle data deletion after policy-defined retention periods
  • Offboarding procedures revoke access to data immediately
  • Quarterly internal reviews ensure compliance with data handling requirements

9. Contact

For security inquiries, contact us at:

Email: [email protected]