SSeedicon Events
Discover EventEvent FeaturesDigital CardNetwork FeaturesCRMPricing
English
EnglishEspañolFrançaisDeutsch日本語
Discover EventEvent FeaturesDigital CardNetwork FeaturesCRMPricing
Language

Information Security Policy

Seedicon Events & Seedicon CRM | Effective Date: 1 June 2026 | Version 1.0

This policy describes the technical and organisational security measures Seedicon India Private Limited implements to protect the Platform and user data against unauthorised access, disclosure, alteration, or destruction. This policy supports our obligations under GDPR Article 32, DPDP Act 2023, and industry best practices.

1. Scope

This policy applies to all systems, infrastructure, and personnel involved in operating the Platform, including all cloud environments, third-party sub-processors, and contractors with access to user data.

2. Encryption

  • All data in transit is encrypted using TLS 1.2 or higher
  • All data at rest is encrypted using AES-256
  • User passwords are hashed using bcrypt with a minimum cost factor of 12
  • Database encryption keys are managed via a dedicated key management service (KMS)
  • Business card images and voice files are encrypted at rest with separate per-user keys

3. Access Controls

  • Role-based access control (RBAC) is enforced across all internal systems
  • Production database access is restricted to authorised engineers only, via VPN and MFA
  • Least-privilege principle: personnel are granted only the minimum access required for their role
  • All administrative access requires multi-factor authentication (MFA)
  • Access rights are reviewed quarterly and revoked immediately upon employee offboarding
  • Payment systems are accessed only by Razorpay's infrastructure; we have no access to raw card data

4. Infrastructure Security

  • The Platform is hosted on ISO 27001-certified cloud infrastructure (AWS/GCP)
  • Network segmentation separates public-facing services from internal databases
  • Web application firewall (WAF) is deployed to filter malicious traffic
  • DDoS protection is active on all public endpoints
  • Regular automated vulnerability scanning is performed on all infrastructure components
  • Container images are scanned for known vulnerabilities before deployment

5. Application Security

  • Secure development lifecycle (SDL) is followed: threat modelling, code review, and security testing prior to release
  • OWASP Top 10 vulnerabilities are tested and mitigated in every release
  • Dependency scanning is automated and critical vulnerabilities are patched within 48 hours
  • SQL injection, XSS, and CSRF protections are implemented and tested
  • API endpoints require authenticated tokens; rate limiting is enforced to prevent abuse

6. Third-Party and Sub-processor Security

All sub-processors are assessed for security compliance prior to engagement and annually thereafter. Contracts include obligations for encryption, access controls, breach notification, and data deletion. Sub-processors handling personal data are required to maintain equivalent security standards.

7. Backup and Recovery

  • Automated daily backups of all databases and critical data stores
  • Backups are encrypted and stored in a geographically separate region
  • Recovery time objective (RTO): 4 hours; Recovery point objective (RPO): 24 hours
  • Backup restoration is tested quarterly

8. Incident Response

We maintain a documented incident response plan. In the event of a security incident:

  • Incidents are triaged within 1 hour of detection
  • A designated incident response team is engaged for containment and investigation
  • Affected users and regulatory authorities are notified within 72 hours where required by law
  • Post-incident reviews are conducted within 7 days of resolution
  • All incidents are logged and tracked in our security incident register

9. Vulnerability Disclosure

We operate a responsible disclosure programme. Security researchers who discover vulnerabilities may report them to security@seedicon.com. We commit to acknowledging reports within 48 hours and providing a resolution timeline. We will not pursue legal action against good-faith researchers complying with our disclosure policy.

10. Physical Security

The Company operates with a remote-first model. Team members access systems via secured, company-managed devices with full-disk encryption and mandatory MFA. We do not operate physical data centres; all infrastructure is hosted on cloud providers with appropriate physical security certifications.

11. Security Training

All employees receive security awareness training upon onboarding and annually thereafter, covering phishing, secure coding, data handling, and incident reporting procedures.

12. Compliance and Audit

  • Internal security reviews are conducted quarterly
  • External penetration testing is conducted at least annually by an independent firm
  • We maintain audit logs of all access to personal data for a minimum of 12 months
  • We work towards SOC 2 Type II certification

13. Review

This policy is reviewed annually and updated following significant changes to infrastructure, threats, or regulatory requirements. Contact legal@seedicon.com with questions or to report a vulnerability.

ProductDiscover EventEvent FeaturesDigital CardNetwork FeaturesCRMPricing
LegalTerms of ServicePrivacy PolicyRefund & Cancellation PolicyAcceptable Use PolicyDisclaimerCommunity GuidelinesAnti-Spam Policy
Data & SecurityData Processing AgreementData Retention PolicyInformation Security PolicyContact Data Usage PolicyBusiness Card Processing Policy
EventsEvent Organizer TermsEvent Attendee Terms
Download App
App Store badgeGoogle Play badge
Scan to download Seedicon Events
Scan to download
iOS & Android
SSeedicon Events
Born in Bengaluru • © 2026 Seedicon Events Inc. All rights reserved.