Zentrovia Solutions Private Limited takes the security of our customers' data seriously. This page summarizes the technical and organizational measures we apply across our Website, platforms, and professional services.
1. Our Security Program
Our information-security program is modeled on the principles of ISO/IEC 27001 and the CIS Critical Security Controls. Program ownership sits with our Founder & CEO, with day-to-day responsibility delegated to the engineering and operations teams.
2. Data Encryption
- In transit: all traffic to our websites and APIs is served over TLS 1.2 or higher, with modern cipher suites. HSTS is enabled.
- At rest: customer data stored in our managed databases and object storage is encrypted at rest using AES-256 or stronger, with keys managed by our cloud provider.
- Backups: encrypted at rest in the same manner as primary storage.
3. Access Control
- Role-based access control with least-privilege defaults.
- Multi-factor authentication is required for administrative access to production systems and source-control repositories.
- Access is reviewed on a documented cadence, and revoked promptly when employees or contractors leave.
4. Network Security
- Production services are hosted on reputable cloud providers with hardened default configurations.
- Public endpoints are behind global CDNs with DDoS protection.
- API routes enforce per-IP rate limits to blunt abuse and resource-exhaustion attempts.
- Internal services are not directly exposed to the public internet.
5. Application Security
- All user input is validated server-side and sanitized before use in HTML, SQL, or shell contexts.
- Forms are protected by honeypot fields and rate limits; authenticated APIs verify session integrity on every request.
- We use parameterized queries and an ORM to prevent injection.
- Dependencies are monitored for known vulnerabilities and patched on a risk-weighted schedule.
- We follow a documented change-management process — every change to production code is peer-reviewed.
6. Logging and Monitoring
- Production systems emit structured logs to a central aggregator.
- Administrative actions are logged with actor, action, and timestamp.
- Error rates and latency are monitored, with alerts routed to the on-call engineer.
7. Incident Response
We maintain a documented incident-response plan covering detection, containment, eradication, recovery, and post-incident review. In the event of a personal-data breach, we notify affected controllers without undue delay and in any case within 72 hours of confirming the incident, in line with GDPR Article 33 and applicable Indian law.
8. Vulnerability Disclosure
We welcome reports of security vulnerabilities from the community. If you believe you've found a security issue affecting our Website, platforms, or services:
- Email: security@zentrovia.tech
- Please provide a clear description, proof-of-concept, and any steps to reproduce.
- Give us a reasonable time to investigate and address the issue before any public disclosure.
- Do not access, modify, or delete data belonging to others; don't run disruptive tests (DoS, social-engineering attacks against staff, physical intrusion).
We will acknowledge valid reports within 3 business days. We don't currently operate a bug-bounty program, but we will always credit you for responsible disclosure if you'd like.
9. Sub-processor Security
We conduct due diligence on the sub-processors we engage (cloud hosting, analytics, email delivery, etc.) and ensure they offer equivalent or stronger security controls and a signed Data Processing Agreement with GDPR Article 28 protections.
10. Certifications and Attestations
We do not currently hold a third-party SOC 2 or ISO/IEC 27001 certification; we are working toward formal attestation. In the meantime, enterprise customers may request our security questionnaire response and summary of controls.
11. Business Continuity
We take daily backups of customer-facing data with documented restore procedures, tested at least annually. Core services are hosted on providers offering multi-availability-zone redundancy.
12. Contact
Security team: security@zentrovia.tech
Privacy queries: privacy@zentrovia.tech
Zentrovia Solutions Private Limited
#499, NGEF Layout, Mallathahalli, Bengaluru, Karnataka 560056, India