Security

Our Commitment to Your Data Security

Built with a Security-First Approach

1. Our Security Commitment

At SuTan Digital Solutions, security is our top priority. We've built our platform from the ground up with security best practices and compliance standards in mind. Our infrastructure is designed to meet industry security standards and regulatory requirements, including the Indian IT Act 2000 and the DPDPA 2023.

Zero-Knowledge Document Handling: Your documents never leave your system. Only the cryptographic hash of your document is transmitted for signing - we never see, store, or process your actual documents.

2. Data Encryption

Data in Transit:

  • TLS 1.3 encryption for all data transmission
  • HTTPS protocol enforced across all endpoints
  • Secure API communication channels

Data at Rest:

  • AES-256 encryption for all sensitive data
  • BCrypt password hashing with unique salts
  • Secure key management practices
  • Encrypted backup storage

3. Infrastructure Security

Cloud Infrastructure:

  • Hosted on AWS with enterprise-grade security
  • DDoS protection and mitigation
  • Web Application Firewall (WAF) protection
  • Regular security patches and updates
  • Network segmentation and isolation
  • 24/7 infrastructure monitoring

Data Center Security:

  • ISO 27001 certified data centers
  • Physical security and access controls
  • Redundant power and network connectivity
  • Geographic redundancy for disaster recovery

4. Application Security

  • Secure development following OWASP guidelines
  • Protection against SQL injection, XSS, and CSRF attacks
  • Input validation and output encoding
  • Regular security testing and code reviews
  • Dependency vulnerability scanning
  • Secure API design with rate limiting

5. Authentication & Access Control

Authentication:

  • Secure token-based authentication (JWT)
  • API key authentication for integrations
  • Strong password requirements
  • Account lockout after failed attempts
  • Automatic session timeout

Authorization:

  • Role-based access control (RBAC)
  • Principle of least privilege
  • Segregation of duties
  • Audit logging of all access

6. Digital Signature Security

  • SHA-256 cryptographic hashing
  • RSA/ECDSA signature algorithms
  • PKCS#7/CMS compliant signatures
  • Trusted Timestamp Authority (TSA) integration
  • Full PKI certificate chain validation
  • Signatures valid under IT Act 2000

7. Audit & Monitoring

  • Comprehensive audit trail for all operations
  • Immutable logging of signature events
  • Real-time security monitoring and alerting
  • Anomaly detection for suspicious activities
  • Regular log review and analysis
  • Retention of audit logs as per compliance requirements

8. Compliance & Standards

Regulatory Compliance:

  • IT Act 2000: Digital signatures recognized under Indian law
  • DPDPA 2023: Digital Personal Data Protection Act compliance
  • GDPR: Data protection principles and consent management

Industry Standards:

  • PKCS#7, PKCS#11, PKCS#12 standards compliance
  • RFC 3161 timestamp protocol
  • X.509 certificate standards

Certifications (In Progress):

  • ISO 27001 - Information Security Management
  • SOC 2 Type II - Security, Availability, Confidentiality

9. Data Backup & Recovery

  • Regular automated encrypted backups
  • Multiple backup locations for redundancy
  • Backup integrity verification
  • Documented disaster recovery procedures
  • Target uptime of 99.9%
  • Defined Recovery Time Objectives (RTO)

10. Incident Response

  • Defined incident response procedures
  • 24/7 security monitoring
  • Rapid identification and containment
  • Root cause analysis and remediation
  • Transparent communication with affected parties
  • Post-incident review and improvements

11. Third-Party Security

  • Security assessment of all vendors
  • Data processing agreements in place
  • Minimal data sharing with third parties
  • Regular vendor security reviews

12. Your Security Responsibilities

Security is a shared responsibility. We recommend:

  • Use strong, unique passwords
  • Keep API keys and credentials confidential
  • Implement secure coding practices in your integration
  • Report suspicious activity immediately
  • Keep your systems and software updated
  • Train your team on security best practices

13. Reporting Security Concerns

If you discover a security vulnerability or have concerns, please contact us immediately:

Security Team:
Email: security@sutansign.com
Phone: +91 995-113-3856

We take all security reports seriously and respond within 24 hours.

14. Updates to This Policy

We continuously improve our security measures. This page is updated regularly to reflect our current practices.

Last Updated: January 2025

15. Contact Information

SuTan Digital Solutions
Security: security@sutansign.com
Support: info@sutansign.com
Phone: +91 995-113-3856