Security Policy
Effective Date: 01/07/2025
Website: https://connectedbanking.co.in
At ConnectedBanking.co.in, the security of your data and the resilience of our platform are top priorities. This Security Policy outlines the measures we take to protect the confidentiality, integrity, and availability of the systems and data we manage.
1. Scope
This policy applies to:
- All users accessing the website or using the services offered via connectedbanking.co.in.
- All data collected, processed, stored, or transmitted via our platform.
- All internal systems, APIs, web services, and third-party integrations.
2. Data Protection & Encryption
- All data in transit is encrypted using HTTPS with TLS (Transport Layer Security) to prevent unauthorized interception.
- Sensitive data such as access tokens, API keys, and credentials is stored securely using strong encryption mechanisms (e.g., AES-256).
- We enforce secure password storage practices (e.g., bcrypt or PBKDF2 hashing).
3. Access Control
- Access to production systems is restricted to authorized personnel only and follows the principle of least privilege.
- All administrative access is logged and monitored.
- Multi-factor authentication (MFA) is enforced for sensitive backend systems.
4. API & Integration Security
- APIs are secured with authentication tokens and IP whitelisting where applicable.
- Rate limiting and throttling mechanisms are in place to prevent abuse.
- All data exchanged with banking systems or third-party services, both incoming and outgoing, is validated and sanitized to prevent injection attacks.
5. System & Application Hardening
- All servers and software components are regularly updated with the latest security patches.
- Firewalls and endpoint protection tools are in place to detect and block unauthorized access or malware.
- Unnecessary ports and services are disabled by default.
6. Monitoring & Incident Response
- Continuous monitoring is in place to detect abnormal system behavior or potential threats.
- A defined incident response plan ensures quick identification, containment, and remediation of security incidents.
- Customers will be notified of any significant data breaches or incidents affecting their data, as per regulatory requirements.
7. Vulnerability Management
- Regular vulnerability assessments and penetration testing are performed on our infrastructure and applications.
- A bug bounty or responsible disclosure program may be implemented to allow security researchers to report vulnerabilities.
8. Data Backup & Recovery
- Regular automated backups are maintained for critical systems and databases.
- Backup data is encrypted and stored in geographically distributed, secure environments.
- Disaster recovery procedures are tested periodically to ensure business continuity.
9. User Responsibilities
Users are responsible for:
- Keeping their login credentials confidential.
- Immediately reporting any unauthorized activity or suspected security breach to our support team.
- Ensuring integration credentials (such as API keys) provided by ConnectedBanking are not exposed or shared.
10. Compliance
We strive to comply with applicable data protection laws and banking regulations, including:
- The Information Technology Act, 2000 (India) and its applicable rules.
- Guidelines issued by the Reserve Bank of India (RBI) for fintech platforms, if applicable.
- International best practices such as ISO/IEC 27001 and PCI-DSS (where relevant to payment integrations).
11. Policy Updates
We may revise this Security Policy from time to time. The updated version will be posted on this page with a revised effective date.
12. Contact Information
For security concerns, responsible disclosure, or questions related to this policy, contact:
MAYAKRISHNA SALES PVT LTD
Support: contact@connectedbanking.co.in