1. Home
  2. Compliance and Security

General Security Measures

Last Updated: November 03, 2025

Our organisation follows strong security practices to protect data, systems, and user information. The following measures are in place:

1. Data Encryption

  • All Personally Identifiable Information (PII) is encrypted using AES-256 encryption.
  • No plain-text passwords are kept or transmitted at any time.

2. Password Encryption

  • User passwords are hashed using SHA-256 before being stored in the database.
  • This ensures confidentiality and protection of sensitive data during storage and transmission.

3. Database Access Control

  • We apply a least privilege approach — only System Administrators have access to the production database.
  • Access rights are reviewed regularly to minimise exposure risk.

4. Environment Separation

  • QA (Testing) and Production environments are completely isolated.
  • Each environment has dedicated resources, credentials, and configurations, preventing any overlap or shared components.
  • This segregation reduces the risk of accidental data exposure between environments.

5. Password and Access Policies

  • Passwords must be at least 8 characters long and include alphabets, numbers, and special characters.
  • Server and resource access is restricted to authorised System Administrators only.

6. Cloud and IAM Security

  • We use Google Cloud Platform (GCP) with a strict IAM (Identity and Access Management) policy.
  • Access permissions are granted based on job roles and follow the least privilege principle.
  • GCP-managed encryption keys are used for secure key management.

7. Cloud Storage Protection

  • Cloud Storage buckets have no public access.
  • Only authorised users can access stored data.
  • When temporary access is needed, signed URLs with time limits are used.

8. Compliance

  • Our data management and security measures comply with the India Digital Personal Data Protection (DPDP) Act, 2023.

9. Security Testing

  • We perform Vulnerability Assessment and Penetration Testing (VAPT) periodically and after major updates to identify and fix potential security issues.

10. Contact

If you have any questions or concerns about these measures, please contact us at compliance@aibisolutions.com