Security Whitepaper
CompliVault Technologies Pvt. Ltd. • Version 1.0 • January 2026
1. Introduction
CompliVault Technologies Pvt. Ltd. ("CompliVault") is committed to maintaining the highest standards of security for our enterprise GRC (Governance, Risk, and Compliance) platform. This whitepaper outlines our comprehensive security measures, practices, and commitments to protecting your sensitive compliance data.
Our security philosophy is built on the principle of "Security by Design" — meaning security considerations are integrated into every aspect of our platform from architecture to deployment.
Our Security Commitment
"Align. Assure. Achieve." — We align with industry best practices, assure data protection through robust controls, and help our customers achieve their compliance goals securely.
2. Data Encryption
All data within CompliVault is protected using industry-leading encryption standards.
Encryption at Rest
- AES-256 encryption for all stored data
- Encrypted database backups
- Secure key management with HSM
Encryption in Transit
- TLS 1.3 for all API communications
- HTTPS enforced across all endpoints
- Certificate pinning for mobile apps
3. Access Control & Authentication
CompliVault implements a comprehensive access control framework based on the principle of least privilege.
Role-Based Access Control (RBAC)
Granular permissions ensure users only access data and features relevant to their role. Custom roles can be created to match your organization's structure.
Multi-Factor Authentication (MFA)
Support for TOTP authenticator apps, SMS OTP, and biometric authentication. MFA can be enforced organization-wide.
Single Sign-On (SSO)
Enterprise SSO integration with SAML 2.0 and OAuth 2.0 providers including Microsoft Azure AD, Google Workspace, and Okta.
4. Infrastructure Security
Our infrastructure is designed with multiple layers of security and redundancy.
- Enterprise-grade cloud hosting with high-availability architecture
- Geographic redundancy across multiple availability zones
- DDoS protection and Web Application Firewall (WAF)
- Regular vulnerability scanning and penetration testing
- Automated security patching and updates
5. BYOD - Bring Your Own Database
For organizations with stringent data sovereignty requirements, CompliVault offers the unique "Bring Your Own Database" (BYOD) feature.
What is BYOD?
BYOD allows you to connect CompliVault to your own database infrastructure. This means your compliance data never leaves your controlled environment while still benefiting from CompliVault's powerful GRC features.
Benefits
- Complete data sovereignty
- Your infrastructure, your rules
- Meet strict regulatory requirements
- No data leaves your environment
Supported Databases
- PostgreSQL 14+
- MySQL 8.0+
- Microsoft SQL Server
- Oracle Database
Enterprise Feature
BYOD is available on Enterprise plans. Contact our team to learn more about implementation and requirements.
6. Audit Logging & Monitoring
Comprehensive audit trails provide complete visibility into all platform activities.
- Every user action is logged with timestamp, IP address, and user agent
- Immutable, tamper-proof audit logs with cryptographic verification
- Real-time alerting for suspicious activities
- Log retention for 7 years (configurable)
- SIEM integration support for enterprise security monitoring
7. Compliance & Certifications
CompliVault is designed to meet the requirements of major compliance frameworks.
ISO 27001
Built following ISO 27001 best practices for information security management.
SOC 2 Type II
Designed to meet SOC 2 requirements for security, availability, and confidentiality.
GDPR
Tools and features to support EU data protection regulation compliance.
DPDP Act (India)
Ready for India's Digital Personal Data Protection Act requirements.
8. Incident Response
CompliVault maintains a comprehensive incident response plan to quickly address any security events.
Customers are notified within 72 hours of any confirmed security incident affecting their data, in compliance with GDPR and other regulatory requirements.
9. Contact Information
For security-related inquiries or to report a vulnerability:
Security Team
support@complivault.in
+91 87993 23209
Office
CompliVault Technologies Pvt. Ltd.
Ahmedabad, Gujarat, India
© 2026 CompliVault Technologies Pvt. Ltd. All rights reserved.
This document is confidential and intended for authorized recipients only.