Overview
Intixus Technologies is committed to protecting the security and confidentiality of:
- Customer data processed through our ERP, AI, automation, and cloud products
- Partner and affiliate data shared in the course of business
- Website visitor data collected through our public site
- Product infrastructure that powers our SaaS and on-premise deployments
We implement industry-aligned security controls and continuously improve our practices to meet Indian regulations and international best practices.
Infrastructure Security
- Secure hosting environments: Production systems run on trusted cloud and hosting providers with robust physical and network controls.
- Firewall protection: Network firewalls restrict access and monitor traffic.
- Encrypted communication: All data in transit uses HTTPS and TLS 1.2 or higher.
- Role-based access control: Access to systems and data is restricted by role and need-to-know.
- Secure API architecture: APIs use authentication, rate limiting, and input validation.
- Database isolation: Production databases are isolated and access-controlled.
- Server monitoring: Systems are monitored for anomalies and unauthorized access.
Application Security
- Secure coding practices: We follow secure development guidelines and code review processes.
- Input validation: User inputs are validated and sanitized to reduce injection risks.
- CSRF protection: Forms and state-changing operations use anti-CSRF measures.
- SQL injection prevention: Parameterized queries and ORMs are used to prevent SQL injection.
- Regular updates and patches: Dependencies and components are updated for known vulnerabilities.
- Logging and monitoring: Security-relevant events are logged and monitored for investigation.
Data Protection Controls
- Data encryption at rest: Where technically feasible, sensitive data is encrypted at rest.
- Encryption in transit: All external data transfers use TLS.
- Access control policies: Access is granted on a need-to-know basis and periodically reviewed.
- Secure backups: Backups are stored securely and tested for recoverability.
- Data minimization: We collect and retain only data necessary for service delivery and legal compliance.
Incident Response
We maintain an incident response process that includes:
- Incident detection: Monitoring and alerting to identify potential incidents.
- Containment: Steps to limit impact and prevent further exposure.
- Investigation: Root cause analysis and evidence preservation.
- Notification: Where required by applicable law (including the DPDP Act 2023 and sector-specific regulations), affected individuals and authorities are notified in accordance with prescribed timelines.
Responsible Disclosure
We welcome reports from security researchers. If you discover a vulnerability, please report it responsibly. See our Responsible Vulnerability Disclosure page for details.
For security inquiries: security@intixus.com