Data Encryption and Secure Communications

Safehats is committed to ensuring the highest levels of data security and integrity. All data, whether at rest or in transit, is securely encrypted using advanced encryption protocols. This commitment extends across our database systems, file storage, and application layers, providing comprehensive protection against unauthorized access and data breaches.

Encryption at Rest:

  • Database Encryption: Safehats employs strong encryption methods to secure all data stored within our databases. This ensures that sensitive information is protected from unauthorized access at the storage level.
  • File System Encryption: Data stored within our file systems is encrypted using robust encryption algorithms. This layer of security protects files from being exposed or compromised while stored on our servers.
  • Application-Level Encryption: Sensitive data handled by our applications is encrypted at the application layer using dedicated encryption keys. This approach adds an additional layer of security, safeguarding data before it is stored or transmitted.

Encryption in Transit:

  • HTTPS (SSL/TLS): Safehats uses HTTPS with SSL/TLS encryption to secure all data transmitted between users and our servers. This protocol ensures that all communications, including web access and data transfers, are secure from eavesdropping and man-in-the-middle attacks.
  • Secure API Communication: Our APIs are secured with SSL/TLS encryption as well, guaranteeing that data exchanged via API calls is protected during transmission. This is crucial for maintaining the integrity and confidentiality of data accessed through third-party applications and services.

Key Management and Best Practices:

  • Encryption Key Management: Safehats employs a stringent key management protocol to handle encryption keys securely. This includes key generation, storage, rotation, and retirement, ensuring that encryption keys are managed according to industry best practices.
  • Regular Security Audits: We conduct regular security audits and vulnerability assessments to ensure that our encryption practices and other security measures are effective and up-to-date with the latest security trends and threats.

User Access and Control:

  • Role-Based Access Control: Access to encrypted data is strictly controlled through role-based access policies. Users are granted access rights based on their role within the organization, minimizing the risk of unauthorized data access.
  • Audit Trails: All access to encrypted data is logged and monitored. These audit trails help in detecting and responding to potential security incidents promptly.

Privacy and Data Protection

Core Privacy Principles

Safehats is dedicated to maintaining a high standard of privacy and data protection for all its users. We adhere to a minimalist approach in data collection, ensuring that only essential information is gathered to support platform operations.

Minimal Personal Information Collection:

  • Limited Data Collection: Safehats requires only minimal personal information for operational purposes. Currently, we collect only the user's email ID, which is used exclusively for communication related to platform activities.
  • Purpose of Collection: The collection of email IDs enables Safehats to facilitate necessary communications with users, such as sending notifications, updates, and essential information regarding the platform.

Compliance with Data Protection Laws:

  • GDPR Compliance: The Safehats platform is fully compliant with the General Data Protection Regulation (GDPR), adhering to the stringent standards set for data protection and privacy for individuals within the European Union and the European Economic Area.
  • Data Protection Measures: We implement robust security measures to protect the personal information of our users. These include encryption, access control, and regular security assessments to prevent unauthorized access and ensure data integrity and confidentiality.

User Rights and Control:

  • Access and Control: Users have the right to access, correct, or delete their personal information at any time. Safehats provides easy-to-use tools and settings to help users manage their data and privacy preferences effectively.
  • Transparency: We believe in complete transparency with our users about the data we collect and how it is used. Our privacy policies and practices are clearly documented and accessible, ensuring users can make informed decisions.

Commitment to Continuous Improvement:

  • Ongoing Compliance: Safehats is committed to continually reviewing and updating its privacy practices and data protection measures to align with evolving regulations and best practices.
  • Engagement and Feedback: We actively engage with our user community to gather feedback and suggestions on how to improve our privacy practices and better meet the needs of our users.

Product Security

The Safehats platform is committed to maintaining the highest levels of security, undergoing thorough security testing for any changes to ensure robust protection. We adhere to the OWASP SAMM (Software Assurance Maturity Model) framework for product security, which guides our development and maintenance processes to enhance the security posture of our platform continually. Safehats is proactive in addressing any identified vulnerabilities and cyber threats, and in ensuring compliance with regulatory requirements. This commitment extends to regular version upgrades to incorporate the latest security patches and features. To safeguard data integrity and confidentiality, Safehats ensures that all data, whether at rest or in transit, is encrypted. This dual-layer encryption approach minimizes the risk of unauthorized data access and ensures that our users' data is protected consistently with industry-leading security standards. Through these measures, Safehats delivers a secure and reliable platform that users can trust for their critical security needs.

Compliance and Security Audits

Safehats is committed to maintaining the highest standards of security. In alignment with this commitment, we rigorously comply with regulations and standards set by CERT-In (Indian Computer Emergency Response Team). Safehats actively collaborates with CERT-In empaneled security audit firms and agencies to conduct thorough security audits on a regular basis.

Security Audit Process:

  • Regular Audits: Safehats undergoes security audits every 3 to 6 months. These regular intervals ensure continuous oversight and adherence to the latest security practices and compliance standards.
  • Audit Partners: We partner with security audit firms and agencies that are empaneled by CERT-In, ensuring that our auditors have the requisite expertise and authorization to perform comprehensive and reliable security evaluations.
  • Scope of Audits: The audits assess all aspects of our platform, including infrastructure, network configurations, application security, and data management practices. This comprehensive approach helps in identifying vulnerabilities and ensuring robust security measures are in place.
  • Adherence to Standards: By complying with CERT-In guidelines, Safehats ensures that its security practices meet national standards for cyber security. This compliance is crucial for maintaining the trust of our users, especially those handling sensitive information.
  • Updated Practices: CERT-In frequently updates its guidelines to reflect emerging threats and best practices. Safehats continuously adapts its security strategies to these updates, ensuring our defenses remain effective against new and evolving cyber threats.