Data Security
Risk Assessment
As per our assessment, since we are holding bare minimum details of users, the risk to user privacy is perceived to be low.
The following security measures are considered adequate
Controlled access using passwords, strictly on a need to know basis
User Database
Machines containing user data
The passwords are encrypted.
All data transfers between machines on the internet are encrypted.
Recovery from a technical OR physical incident
Backups are taken at regular intervals.
In the worst case scenario of a server being unavailable, the systems should be operational within 24 hours of incident.
Only N copies of historical backup’s will be maintained. So, when a user deletes his record, the record will be completely erased from our backups after N cycles.