Hexa Quordle

Security

Security Compliance Statement

Last Updated: October 13, 2025

At Hexa Quordle, security is paramount. As an Indian outsourcing firm handling e-commerce data, we comply with RBI Guidelines on Outsourcing of IT Services (2023), DPDPA security mandates, IT Act SPDI Rules, and international standards like GDPR and ISO 27001 principles. We undergo annual third-party audits.

1. Risk Management

We conduct regular risk assessments for data processing, including vendor reviews. For high-risk activities (e.g., credential handling), we use alternatives such as API integrations.

2. Access Controls

  • Role-based access (least privilege); multi-factor authentication (MFA).
  • No shared credentials; client data segregated.

3. Data Protection Measures

  • Encryption: In-transit (TLS 1.3) and at-rest (AES-256).
  • Secure storage: India-based servers (e.g., AWS Mumbai region) for sensitive data.
  • Backup and recovery: Encrypted, tested quarterly.

4. Incident Response

Breach notification within 72 hours to clients and DPBI (per DPDPA). We maintain logs for 6 months and conduct post-incident reviews.

5. Vendor and Third-Party Compliance

All partners (e.g., payment gateways) sign DPAs with equivalent security clauses. No outsourcing to non-compliant entities.

6. Employee Training

Annual cybersecurity training; background checks for handlers.

7. Certifications and Audits

Aiming for ISO 27001 certification by [Date]. Audits by [e.g., KPMG India]. Clients may request SOC 2 reports under NDA.

8. Continuous Improvement

We monitor threats via tools like firewalls and SIEM systems. Updates shared via newsletter.

For questions: hexaquordle@gmail.com

This statement supplements our Privacy Policy.