Security Support
We know that your data is the most important thing for you. Hence we provide best-in-class security and encryption standards to safeguard your data. Our data security controls and standards are given below in detail:
We know that your data is the most important thing for you. Hence we provide best-in-class security and encryption standards to safeguard your data. Our data security controls and standards are given below in detail:
We are ISO 27001 certified and Google Cloud Platform (our cloud hosting provider) is SOC 2 Type II Certified. These certifications are provided to only a handful of organizations after rigorous checks and trials of each of their services. Links to both these certifications are given below:
Access to our cloud infrastructure is strictly managed via Google Identity and Access Management (IAM) . We have imposed a strong password policy with Two-Factor Authentication (2FA). Access is regularly reviewed to keep your data safe from unauthorized access.
We are hosted on the Google Cloud Platform (Mumbai, India) across 3 zones to ensure high availability. This is done to ensure that if there is ever a problem in an individual data center, your service is not disrupted.
We have implemented strong encryption policies for all your data.
We follow a secure software development lifecycle. Our thread modeling and development methodology contains the following:
We support long-lived bearer tokens for authentication of the callbacks. This is a backend configuration and will be done along with the callback endpoint configuration.
To ensure the safety of your data, IDfy recommends that you delete all customer data from our platform after a customer journey is complete. We provide multiple automated and manual purging mechanisms:
Automated purging mechanisms
Manual purging mechanism
When data has been purged from our systems, it means that none of the end-user artifacts, transaction logs, or insights data will remain on our systems.
The default system setting is to automatically purge after 90 days of data being received in the IDfy system. Please note that IDfy will not be able to recover the data after this period and will not be liable for any loss of data on account of such policy implementation. If this purge period needs to be modified, please contact us.
A custom Data Protection Framework has been implemented by us to put an emphasis on the most sensitive and valuable data within our organization, including your Personal Identifiable Information (PII) and those of your customers.
Google Cloud Armor has been deployed in our system, which provides defenses against DDoS and application attacks(WAF).
We use the Google Security Command Center for security and risk management across our Google Cloud Platform infrastructure. Google Security command center provides the following key services:
If there are any specific support needed, please mail the query on vkyc.support@idfy.com