Data Security

Your trust is our priority. Learn how we protect your data.

Our Commitment to Security

At Vadapav Mirchi, we understand that your personal and financial information is sensitive. We employ industry-leading security practices and technologies to ensure your data remains safe, secure, and private at all times. Our multi-layered security approach protects you from unauthorized access, data breaches, and cyber threats.

Encryption Standards

We use state-of-the-art encryption to protect your data both in transit and at rest:

  • TLS 1.3 Encryption: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) 1.3, the latest and most secure version of the protocol
  • AES-256 Encryption: Sensitive data stored in our databases is encrypted using Advanced Encryption Standard (AES) with 256-bit keys
  • End-to-End Payment Security: Payment information is encrypted end-to-end and never stored on our servers
  • Secure API Communications: All API endpoints use HTTPS with certificate pinning to prevent man-in-the-middle attacks

Authentication & Access Control

We implement robust authentication mechanisms to ensure only authorized users can access accounts:

  • Multi-Factor Authentication (MFA): Optional two-factor authentication via SMS or authenticator apps
  • Biometric Login: Support for fingerprint and face recognition on compatible devices
  • Session Management: Automatic logout after periods of inactivity
  • Device Recognition: Alerts for logins from new or unrecognized devices
  • Password Requirements: Strong password policies with minimum complexity requirements
  • Role-Based Access: Internal systems use role-based access control (RBAC) to limit employee data access

Infrastructure Security

Our infrastructure is built on secure, enterprise-grade cloud platforms:

  • Cloud Security: Hosted on AWS with ISO 27001, SOC 2, and PCI DSS certified data centers
  • Firewall Protection: Advanced firewalls and intrusion detection systems (IDS) monitor all network traffic
  • DDoS Protection: Distributed Denial of Service (DDoS) mitigation to ensure service availability
  • Regular Backups: Automated daily backups with encrypted storage and disaster recovery plans
  • Network Segmentation: Isolated network zones to contain potential security breaches
  • Vulnerability Scanning: Continuous automated scanning for security vulnerabilities

Monitoring & Incident Response

We maintain 24/7 security monitoring and have established incident response protocols:

  • Real-Time Monitoring: Security Information and Event Management (SIEM) systems track all system activities
  • Anomaly Detection: Machine learning algorithms identify unusual patterns and potential threats
  • Incident Response Team: Dedicated security team available 24/7 to respond to incidents
  • Security Audits: Regular third-party security audits and penetration testing
  • Breach Notification: Immediate notification to affected users in case of any security incident

Data Privacy Practices

Beyond security, we follow strict privacy practices:

  • Data Minimization: We collect only the data necessary to provide our services
  • Purpose Limitation: Data is used only for the purposes disclosed at collection
  • Retention Policies: Data is retained only as long as necessary and securely deleted afterward
  • Third-Party Vetting: All partners undergo security assessments before integration
  • Employee Training: Regular security awareness training for all employees
  • Privacy by Design: Security and privacy considerations built into every feature from the start

Compliance & Certifications

Vadapav Mirchi complies with international data protection regulations and standards:

  • PCI DSS Compliance: Payment Card Industry Data Security Standard for secure payment processing
  • GDPR Ready: General Data Protection Regulation compliance for European users
  • ISO 27001: Information Security Management System certification
  • SOC 2 Type II: Service Organization Control audit for security and availability
  • Indian IT Act: Compliance with the Information Technology Act, 2000 and its amendments

Your Role in Security

While we implement robust security measures, you also play a crucial role in protecting your account:

  • Use strong, unique passwords and change them regularly
  • Enable multi-factor authentication for added security
  • Never share your login credentials with anyone
  • Log out from shared or public devices
  • Keep your app updated to the latest version
  • Be cautious of phishing attempts and suspicious communications
  • Report any suspicious activity immediately to our support team

Reporting Security Issues

If you discover a security vulnerability or have concerns about your data security, please contact our security team immediately:

  • Security Email: info@vadapavmirchi.com
  • Bug Bounty Program: We reward responsible disclosure of security vulnerabilities
  • Response Time: We aim to acknowledge security reports within 24 hours

Questions?

For more information about our security practices, please review our Privacy Policy or contact us at info@vadapavmirchi.com.