Login Start Free

Security Policy

Our commitment to security, responsible disclosure, and protecting customer data.

Overview

At Secuvia, security is not just what we sell it's how we operate. This policy outlines our security practices, vulnerability disclosure process, and our commitment to protecting customer data.

Our Security Practices

Data Protection

  • All customer data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Customer data is never used for marketing, demonstrations, or training purposes
  • Data is stored in secure, SOC 2 compliant data centers
  • Regular backups with encryption and secure storage
  • Strict access controls with role-based permissions

Infrastructure Security

  • Multi-factor authentication (MFA) required for all team members
  • Regular security audits and penetration testing
  • Automated vulnerability scanning and patch management
  • Network segmentation and firewall protection
  • Comprehensive logging and monitoring

Application Security

  • Secure development lifecycle with code reviews
  • Regular dependency updates and security patches
  • Input validation and output encoding
  • Protection against OWASP Top 10 vulnerabilities
  • Regular security testing and code analysis

Access Management

  • Principle of least privilege for all access
  • Regular access reviews and revocation procedures
  • Secure credential management and rotation
  • Session management and timeout policies

Responsible Vulnerability Disclosure

We welcome security researchers and the community to help us maintain the security of our platform. If you discover a security vulnerability, we appreciate your responsible disclosure.

How to Report a Vulnerability

If you believe you've found a security vulnerability in Secuvia's systems or services, please report it to us as quickly as possible.

Email: security@secuvia.in

PGP Key: Available upon request

What to Include

  • Description of the vulnerability and its potential impact
  • Steps to reproduce the issue
  • Any proof-of-concept code or screenshots
  • Your contact information for follow-up

Our Commitment

  • We will acknowledge receipt within 24 hours
  • We will provide an initial assessment within 72 hours
  • We will keep you informed of our progress
  • We will credit you for the discovery (unless you prefer to remain anonymous)

Safe Harbor

We support safe harbor for security researchers who:

  • Make a good faith effort to avoid privacy violations and disruptions to others
  • Only interact with accounts you own or with explicit permission
  • Do not exploit a vulnerability beyond what is necessary to confirm its existence
  • Report vulnerabilities promptly and allow reasonable time for remediation
  • Do not publicly disclose the vulnerability before we've had time to address it

We will not pursue legal action against researchers who follow these guidelines.

Compliance & Certifications

Secuvia maintains security practices aligned with industry standards:

  • SOC 2 Type II aligned practices
  • GDPR compliance for data protection
  • ISO 27001 security controls framework
  • OWASP security best practices

Incident Response

In the event of a security incident:

  • We will investigate and contain the incident immediately
  • Affected customers will be notified within 72 hours
  • We will provide transparent communication about the incident
  • Post-incident analysis and remediation will be conducted
  • We will implement measures to prevent similar incidents

Questions or Concerns

If you have questions about our security practices or this policy, please contact us:

Security Team: security@secuvia.in

General Inquiries: secuvia.in@gmail.com

Phone: +91 63618 97434

Last updated: January 24, 2026