Security Statement
We are committed to your safety and security, and it continues to be our top priority. Our Security Statement prioritizes safeguarding data and infrastructure by using robust encryption, access controls, and continuous monitoring systems.
Last reviewed on 20th September, 2023
Introduction
We have always placed your security first. We go above and beyond to provide a best-in-class member experience, utilizing a dedicated security team responsible for protecting against, detecting, and mitigating threats to our application.
Privacy Practices
We don't engage in selling your personal information to unaffiliated third parties or share it for their independent advertising or marketing pursuits without your explicit consent. For a comprehensive understanding of our privacy practices, please peruse our Privacy Policy.
Our Infrastructure
Our data is hosted at a highly secure CtrlS Data Center based in Noida, India. This state-of-the-art facility provides a robust and scalable platform, ensuring that we can deliver our services to you with the utmost security and reliability.
Perimeter Security
We've implemented a multi-layered Defence in Depth Architecture, incorporating a network firewall, web application firewall, DDoS protection layer, and a content delivery network. Our 3-tier architecture is a testament to industry best practices, boasting stringent network segmentation and the isolation of environments and services.
Host Security
Our commitment to security extends to our host environment. We use industry-leading solutions that include anti-virus and anti-malware software, intrusion prevention systems, intrusion detection systems, file integrity monitoring, application control, application and audit log aggregation, and automated patch management.
Data Security
We employ stringent measures, including environment separation, role-based access control, and key management services. Data at rest is shielded by encryption, while sensitive data enjoys application-level encryption. We ensure data resiliency through replication, data durability via snapshotting, and data reliability through backup and restore testing.
Incident and Change Management
We have deployed mature processes around Change Management, enabling us to release thoroughly tested, reliable, and secure features so that you can enjoy our product's experience with maximum assurance. We take a very aggressive stance on Incident Management for both system downtime and security, and have a network operations center and an Information Security Management System in place to quickly react to, remediate, or escalate any incidents arising out of planned or unplanned changes.
Vulnerability Assessment and Penetration Testing
Our in-house network security team employs industry-leading tools for manual and automated Vulnerability Assessment and Penetration Testing (VAPT). We integrate static and dynamic application security testing into our continuous integration/continuous deployment pipeline. Additionally, we collaborate with CERT-IN certified auditors for periodic external security testing and audits.
Standards and Certifications
We are an ISO 27001:2013 certified company and have implemented the required Information Systems Management System policies and procedures to maintain industry standard best practices and applicable controls.
GDPR Compliance
Our team worked hard and developed new features that helped us become GDPR-compliant. You can delve deeper into the data we collect and our processes in our Privacy Policy, and our clients have access to review the Data Processing Addendum.
Changes to Statement
We reserve the right to modify this Security Statement as needed. Should we make any changes, we'll promptly post them on this page to keep you informed about how we're safeguarding your data. All updates are effective immediately upon posting. Your data security is our unwavering commitment.
Contact Details
If you have any questions about our data security, please contact us at any time via email: compliance@onebanc.ai