01. Encryption

All sensitive user data, including passwords, communications, and personal information, is encrypted using AES-256 standard encryption while at rest in our databases. All data transmitted between your browser and our servers is secured using TLS 1.3 encryption protocols.

02. Infrastructure

Our platform is hosted on trusted, enterprise-grade cloud providers that maintain SOC 2 compliance. Our infrastructure is designed with redundancy and security best practices to ensure high availability and resilience against DDoS attacks and other threats.

03. Access Control

We employ strict, role-based access control (RBAC) across our internal systems. Only authorized personnel have access to production environments. Multi-Factor Authentication (MFA) is strictly enforced for all administrative and developer accounts.

04. Payment Security

IndieAico does not directly store your credit card or bank account details. All payment processing and escrow handling is securely managed by our payment partner, Razorpay, which is certified to the highest level of PCI DSS compliance (Level 1).

05. Vulnerability Disclosure

We believe in the power of the security community. If you believe you have found a security vulnerability on IndieAico, please report it to us at indieaico@gmail.com. We operate a responsible disclosure policy and commit to addressing valid reports promptly.

06. Incident Response

In the unlikely event of a data breach, we have a comprehensive incident response plan in place. In compliance with the Indian IT Act, we are committed to notifying affected users and the relevant authorities within 72 hours of confirming a breach.

07. Data Backups

To protect against data loss, we perform daily automated backups of all critical databases. These backups are fully encrypted and stored in isolated, geographically distributed environments with a 30-day retention policy.