Security Policy
At Pramanix, security is not an afterthought; it is built into the core of our architecture. We are dedicated to protecting your sensitive compliance data with enterprise-grade security standards.
1. Data Encryption
- Data in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2/1.3 (HTTPS).
- Data at Rest: Sensitive data stored in our databases is encrypted using industry-standard AES-256 encryption.
2. Access Control
- Role-Based Access Control (RBAC): We enforce strict RBAC policies to ensure users only access data necessary for their role.
- Multi-Factor Authentication (MFA): We support and encourage the use of MFA for all user accounts to prevent unauthorized access.
- Least Privilege Principle: Our internal employees have no access to customer data unless explicitly required for support or engineering purposes, and such access is logged.
3. Infrastructure Security
- Cloud Provider: Our infrastructure is hosted on top-tier cloud providers (e.g., AWS/DigitalOcean) with ISO 27001 certification.
- Firewalls: We utilize web application firewalls (WAF) to protect against common attacks like SQL injection and XSS.
- Backups: We perform automated daily backups to ensure data recoverability in case of a disaster.
4. Vulnerability Management
- We conduct regular automated vulnerability scans of our codebase and infrastructure.
- Critical security patches for our servers and dependencies are applied immediately upon release.
5. Incident Response
In the unlikely event of a security breach, we have a defined Incident Response Plan. We are committed to notifying affected customers within 72 hours of confirming a data breach, in compliance with applicable laws.
6. Reporting Security Issues
If you believe you have found a security vulnerability in Pramanix, please report it to us responsibly at security@pramanix.com.