Security
This website is owned and operated by Aimavrik Technologies LLP under the AiMavrik brand. In this document, “AiMavrik”, “we”, “us” and “our” refer to Aimavrik Technologies LLP.
1. Overview
Security is built into how we work, not added afterwards. This page describes the technical and organisational measures we use to protect our website, our client engagements, and the forthcoming AiMavrik Catalyst platform. We describe our practices honestly and do not claim certifications we do not hold.
2. Hosting & infrastructure
Our website and services run on established, reputable hosting and cloud infrastructure providers with their own physical and network security controls. As Catalyst develops, we will isolate environments to protect customer workspaces.
3. Encryption
Traffic to and from our website and services is encrypted in transit using HTTPS/TLS, with HTTP Strict Transport Security (HSTS) enforced. Where we store sensitive data, we use encryption and access controls appropriate to the data.
4. Authentication & access control
Access to systems and data is restricted to authorised people on a need-to-know basis. We use strong authentication and grant the minimum access required for a task (least privilege). Access is reviewed and removed when no longer needed.
5. Secure development
We follow secure development practices throughout our work:
- Code review: changes are reviewed before they reach production.
- Version control: all code and configuration is tracked in Git, giving full history and rollback.
- Staged deployment: changes are tested before being promoted to production.
- Backup strategy: important data and configurations are backed up so they can be restored.
- Production protection: production is separated from development and access is tightly controlled.
- Least privilege: people and services receive only the access they need.
7. Monitoring & logging
We keep operational logs of relevant activity to detect issues, diagnose problems and support incident response. Logs are retained for a limited period and access is restricted.
8. Backups & resilience
We maintain backups of critical data and configuration and design systems to recover from failures. See our Business Continuity page. For Catalyst, we will provide customers a reasonable ability to export their data.
9. Incident response
If a security incident occurs, we act to contain it, assess the impact, and remediate. Where the law requires, and without undue delay, we will notify affected parties and relevant authorities in line with the DPDP Act and applicable regulations.
10. Responsible disclosure
We welcome reports from security researchers. Please follow our Responsible Disclosure process. A machine-readable policy is published at /.well-known/security.txt.
11. On certifications
We describe only the practices we actually follow. We do not claim ISO 27001, SOC 2, GDPR certification, or any other certification we do not hold. If and when we obtain formal certifications, we will state them clearly here.
12. Security contact
To report a security concern, email hello@aimavrik.com or follow our Responsible Disclosure process.
| Topic | Contact |
|---|---|
| General enquiries | hello@aimavrik.com |
| Privacy & data protection | hello@aimavrik.com |
| Security | hello@aimavrik.com · see Responsible Disclosure |
| Legal notices | hello@aimavrik.com |