IdeatePlus strives to ensure that our services are secure to the fullest possible extent. We exercise due diligence and due care in securing our offerings. Here is a summary of our security practices:
Data Security and Privacy
We comply with the requirements of the EU GDPR and other related privacy requirements. All our data is hosted within the EU. Our cloud service providers are compliant with applicable industry standards such as SOC 2, GDPR, NIST CSF, ISO 27001 and ISO 22301.
Our databases are encrypted to protect data at rest using native cloud encryption techniques with industry-accepted benchmarks. All files are also encrypted at rest using the same standard. All passwords stored in our systems are hashed using bcrypt with a dynamic salt. Every piece of data our customers share with us is secured with similar security controls.
All data transactions are protected using TLS v1.2. Our SSL certificate is issued by GoDaddy.
We maintain strict access control requirements for access to our systems. We follow a need-to-know approach when provisioning access to backend systems. All cloud instances are protected using multi-factor authentication. We also have strict confidentiality agreements with all our vendors.
Legal and Regulatory Compliance
We strive to comply with all applicable legal and regulatory requirements. We collect your data only for legitimate business use and don’t share it with any third party for purposes other than those for which it was collected. We don’t share your data with any legal or regulatory entities without a valid court order. Any other disclosures (if required) will be made only after notifying you of the details of the disclosure.
For details of our data retention practices, refer to our Cancellation Policy. This includes all digital and physical documents we receive from our customers and website visitors. Electronic telemetry such as server logs, firewall logs and website activity is stored for a period of 1 year.
To ensure the robustness of our systems, we engage a third party to perform external VAPT. This activity is done on an annual basis.
We regularly review our architecture to find flaws and weaknesses in our systems. We harden our endpoints and cloud instances using industry benchmarks including CIS and NIST standards.
We also conduct grey-box VAPT of our applications to identify vulnerabilities in them.
In case you need more details about our security practices, please write to us at [email protected]
In case you wish to disclose any vulnerability on our systems, please write to us at [email protected]