Security First
We're committed to maintaining the highest standards of security to protect your data and ensure your trust.
Last updated: January 1, 2025
Our Security Commitment
At Heldus, we understand that your data is one of your most valuable assets. That's why we've implemented comprehensive security measures to protect your information at every level of our operations.
Our comprehensive security program encompasses technical, administrative, and physical safeguards designed to protect against unauthorized access, disclosure, alteration, and destruction of information.
Security Framework
Our security practices are based on industry-leading frameworks and standards:
- ISO 27001: Information Security Management System certification
- SOC 2 Type II: Service Organization Control 2 compliance
- GDPR Compliant: Full compliance with EU data protection regulations
- PCI DSS: Payment Card Industry Data Security Standard
Data Protection
Encryption
All data is encrypted both in transit and at rest using industry-standard encryption protocols:
- AES-256 encryption for data at rest
- TLS 1.3 for data in transit
- End-to-end encryption for sensitive communications
- Regular key rotation and management
Access Controls
Strict access controls ensure only authorized personnel can access your data:
- Multi-factor authentication (MFA) required
- Role-based access control (RBAC)
- Principle of least privilege
- Regular access reviews and audits
Infrastructure Security
Our infrastructure is built with security as the foundation:
- Secure cloud infrastructure with major providers
- Network segmentation and firewalls
- Intrusion detection and prevention systems
- Regular vulnerability assessments
Security Monitoring
We maintain 24/7 security monitoring and incident response capabilities:
- Real-time security monitoring and alerting
- Security Information and Event Management (SIEM)
- Automated threat detection and response
- Regular security audits and penetration testing
- Incident response team available 24/7
- Comprehensive logging and audit trails
Development Security
Security is integrated into our entire software development lifecycle:
- Secure coding practices and guidelines
- Static and dynamic application security testing (SAST/DAST)
- Dependency scanning and vulnerability management
- Code reviews with security focus
- Container security and image scanning
- Regular security training for development teams
Business Continuity
We ensure business continuity and disaster recovery through:
- Regular automated backups with encryption
- Multi-region redundancy and failover capabilities
- Disaster recovery testing and procedures
- Business continuity planning
- 99.9% uptime SLA commitment
- Incident communication and status updates
Third-Party Security
We carefully vet and monitor all third-party services and vendors:
- Comprehensive vendor security assessments
- Contractual security requirements and SLAs
- Regular security reviews of third-party services
- Data processing agreements (DPAs) with all vendors
- Limited data sharing with strict controls
- Vendor risk management program
Incident Response
In the unlikely event of a security incident, we have established procedures:
Immediate Response
- Incident detection and classification
- Immediate containment measures
- Stakeholder notification
- Evidence preservation
Recovery & Learning
- System restoration and validation
- Root cause analysis
- Process improvements
- Lessons learned documentation
Security Contact
For security-related inquiries, vulnerabilities, or incidents, please contact:
Security Team: contact@heldus.com
Emergency Hotline: +91 8153952368 (24/7)
Vulnerability Reports: contact@heldus.com
General Contact: contact@heldus.com
We encourage responsible disclosure of security vulnerabilities. Please report any security issues to our security team before public disclosure to allow us time to address them.