Security

Security at Digitruinx — Data Protection & Infrastructure Security. Your data, protected.

How Digitruinx secures client data and production systems.

How We Protect You

Security by design, not by afterthought.

Every layer of our infrastructure is built with security as a first principle — not bolted on later.

Infrastructure
  • Hosted on Microsoft Azure (Central India / South India).
  • All data encrypted at rest using AES-256.
  • All traffic encrypted in transit with TLS 1.3.
  • Azure Defender for Cloud enabled across all resources.
  • Automated vulnerability scanning on every deployment.
Application Security
  • OWASP Top 10 mitigations applied to all web surfaces.
  • CSRF protection on all state-changing endpoints.
  • Input validation and output encoding throughout.
  • SQL injection prevention via parameterised queries.
  • Regular dependency audits and security patches.
Access Control
  • Role-Based Access Control (RBAC) across all modules.
  • Multi-factor authentication (MFA) available for all accounts.
  • Session tokens expire automatically after inactivity.
  • Complete tenant isolation — no cross-client data access.
  • Principle of least privilege enforced for all team members.
Data Handling
  • Daily automated backups with 30-day retention.
  • Point-in-time recovery for database systems.
  • Payment card data never stored — processed by Razorpay (PCI-DSS).
  • Data deletion requests actioned within 30 days (DPDP Act 2023).
  • Production data never used in staging or test environments.
Incident Response
  • Documented incident response plan with defined escalation paths.
  • Critical incidents acknowledged within 1 hour.
  • Affected clients notified within 72 hours of a confirmed breach.
  • Post-incident reports published internally with root cause analysis.
  • Azure Monitor alerts configured for anomalous activity.
Responsible Disclosure
  • We welcome responsible vulnerability disclosure.
  • Report issues to security@digitruinx.com.
  • We will acknowledge reports within 48 hours.
  • Valid, responsibly disclosed vulnerabilities are actioned within 30 days.
  • No legal action taken against good-faith researchers following our disclosure policy.

TLS 1.3 · AES-256 · OWASP · CSRF Protection · RBAC · Azure Defender · Tenant Isolation · DPDP Compliant

Found a vulnerability?

We take security seriously. If you've discovered a potential security issue in any Digitruinx product or infrastructure, please disclose it responsibly. We commit to investigating every report and responding within 48 hours.

Please do not publicly disclose the issue before we have had a chance to address it. Include steps to reproduce, impact assessment, and your contact details.

Report to security@digitruinx.com

Ready to build with confidence?

Talk to us about your project and how we protect your data.