Security Policy

1. Our Commitment to Security

At Udharsathi, security is our top priority. We understand that you trust us with sensitive financial and personal information, and we are committed to protecting that information with industry-leading security measures and best practices.

This Security Policy outlines the technical and organizational measures we implement to safeguard your data and ensure the integrity, confidentiality, and availability of our services.

2. Data Encryption

2.1 Encryption in Transit

All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) 1.3, the latest and most secure version of the protocol. This ensures that:

• All communications are protected from interception
• Data integrity is maintained during transmission
• Your connection to our services is authenticated

2.2 Encryption at Rest

Sensitive data stored in our databases is encrypted using Advanced Encryption Standard (AES-256), which is the industry standard for data encryption. This includes:

• Personal identification information
• Bank account details
• Payment transaction data
• Authentication credentials (hashed and salted)

3. Payment Security

3.1 PCI DSS Compliance

We comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements. While we process UPI payments (not card payments), we maintain the same level of security standards:

• We never store full payment credentials on our servers
• Payment processing is handled through certified payment gateways
• All payment data is tokenized and encrypted
• We undergo regular security assessments

3.2 UPI Security

UPI Autopay mandates are created and managed in compliance with NPCI (National Payments Corporation of India) guidelines:

• Mandates require explicit customer consent and approval
• All mandate transactions are logged and auditable
• Customers can revoke mandates at any time
• Transaction limits and frequency are enforced as per NPCI rules

4. Authentication and Access Control

4.1 Multi-Factor Authentication (MFA)

We strongly recommend and support multi-factor authentication for all user accounts. This adds an extra layer of security beyond passwords:

• Two-factor authentication (2FA) via SMS or authenticator apps
• Biometric authentication on supported devices
• Email verification for sensitive operations

4.2 Password Security

We enforce strong password requirements:

• Minimum password length and complexity requirements
• Passwords are hashed using bcrypt with salt
• We never store passwords in plain text
• Account lockout after multiple failed login attempts

4.3 Access Management

We implement the principle of least privilege:

• Employees only have access to data necessary for their role
• All access is logged and monitored
• Regular access reviews and audits
• Immediate revocation of access upon role change or termination

5. Infrastructure Security

5.1 Cloud Security

Our infrastructure is hosted on secure cloud platforms with:

• Redundant data centers with high availability
• Automated backups with point-in-time recovery
• DDoS protection and mitigation
• Network segmentation and firewalls
• Intrusion detection and prevention systems

5.2 System Monitoring

We continuously monitor our systems for:

• Unauthorized access attempts
• Anomalous activity patterns
• System performance and availability
• Security vulnerabilities and threats

6. Application Security

6.1 Secure Development Practices

We follow secure software development lifecycle (SDLC) practices:

• Code reviews and security audits
• Automated security scanning and vulnerability testing
• Dependency management and patching
• Regular penetration testing
• Security training for development teams

6.2 API Security

Our APIs are secured with:

• Authentication tokens and API keys
• Rate limiting to prevent abuse
• Input validation and sanitization
• HTTPS-only communication

7. Data Protection and Privacy

We are committed to protecting your privacy and comply with applicable data protection laws, including:

• Information Technology Act, 2000
• Digital Personal Data Protection Act, 2023
• RBI guidelines for payment aggregators
• NPCI guidelines for UPI services

For more details, please refer to our Privacy Policy. Privacy.

8. Incident Response

In the event of a security incident, we have a comprehensive incident response plan:

• Immediate containment and mitigation
• Investigation and root cause analysis
• Notification to affected users and authorities as required by law
• Remediation and prevention measures
• Post-incident review and improvements

If you discover a security vulnerability, please report it responsibly to support@udharsathi.in. We appreciate responsible disclosure and will work with you to address any issues.

9. Compliance and Certifications

We maintain compliance with:

• RBI regulations for payment aggregators
• NPCI guidelines for UPI services
• Data protection and privacy laws
• Applicable regulatory requirements
• Industry security standards and best practices

10. Your Role in Security

Security is a shared responsibility. You can help protect your account by:

• Using a strong, unique password
• Enabling multi-factor authentication
• Keeping your devices and software updated
• Not sharing your account credentials
• Logging out when using shared devices
• Reporting suspicious activity immediately
• Being cautious of phishing attempts

11. Regular Updates

We continuously improve our security measures and update this Security Policy to reflect changes in our practices, technology, and regulatory requirements. We encourage you to review this policy periodically.

12. Contact Us

If you have any questions about our security practices or wish to report a security concern, please contact us: