India's Fastest Accounting Software

Security Policy

Effective Date: 01/01/2024

Introduction

This Security Policy outlines the measures we implement to protect the information of users of our GST Accounting Software. This policy applies to all users and stakeholders of the software, ensuring the confidentiality, integrity, and availability of user data.

Information Collection and Use

User Information: The software collects the following user information:
Username
Phone number
Email ID

Purpose of Collection: The collected information is used for user identification, communication, and providing access to the software's features.

Data Protection

Encryption: All sensitive user data, including usernames, phone numbers, and email IDs, are encrypted both in transit and at rest using industry-standard encryption protocols (e.g., TLS for data in transit and AES-256 for data at rest).
Access Control: Access to user data is restricted to authorized personnel only. Role-based access controls (RBAC) are implemented to ensure that users and staff members have access only to the information necessary for their roles.
Authentication: Strong authentication mechanisms are enforced, including:
Password complexity requirements.
Two-factor authentication (2FA) for accessing sensitive areas of the software.
Data Minimization: We only collect the minimum amount of personal information necessary to provide our services effectively.

Data Integrity

Data Validation: Input validation is performed on all user inputs to prevent common vulnerabilities such as SQL injection, cross-site scripting (XSS), and other injection attacks.
Regular Audits: Regular security audits and vulnerability assessments are conducted to identify and mitigate potential security risks.

Data Availability

Backup Procedures: Regular backups of user data are performed to ensure data availability and integrity. Backups are encrypted and stored securely.
Disaster Recovery: A comprehensive disaster recovery plan is in place to ensure data can be restored in the event of a security breach or data loss incident.

Incident Response

Incident Management: A defined incident response plan is in place to handle any security breaches or data incidents. This includes immediate actions to contain and mitigate the incident, investigation procedures, and notification protocols.
User Notification: Users will be notified promptly if their data is compromised. The notification will include the nature of the breach, the information affected, and steps being taken to address the breach.

Compliance

Legal Compliance: Our data protection practices comply with all relevant laws and regulations, including data protection and privacy laws applicable to our jurisdiction.
Regular Reviews: This security policy is reviewed and updated regularly to ensure ongoing compliance with legal and regulatory requirements and to address emerging security threats.

User Responsibilities

Password Security: Users are responsible for maintaining the confidentiality of their passwords and other authentication credentials.
Reporting Security Issues: Users should report any security vulnerabilities or suspicious activities to our support team immediately.

Contact Information


Changes to the Security Policy

We reserve the right to modify this Security Policy at any time. We will notify users of any significant changes by posting the updated policy on our website or through other appropriate means. Continued use of the software after any changes to the policy constitutes acceptance of those changes.