
Data privacy and security

Last updated: 24 March 2025

This page summarizes how Saketh Tech Private Limited ("Saketh Tech") approaches data privacy and security in client work and on our own systems. It is informational and does not replace contractual commitments, a security questionnaire (SIG/CAIQ), or a dedicated data processing agreement where one is in place.

1. Security by design

We integrate security considerations into planning, architecture reviews, and delivery checkpoints. For regulated and high-sensitivity workloads, we align controls with agreed baselines (for example identity standards, encryption expectations, logging requirements, and change management).

2. Identity and access

  • Role-based access with least-privilege defaults for production and customer environments.
  • Multi-factor authentication where supported and required for privileged access.
  • Centralized identity where feasible; periodic access reviews for long-lived credentials.

3. Data protection

Encryption

We support encryption in transit (TLS) for services we operate and recommend modern ciphers for customer integrations. At-rest encryption depends on cloud provider and configuration; we help clients select patterns appropriate to their risk profile.

Classification and minimization

We encourage labeling of sensitive data and minimizing collection to what is needed for the engagement. PII and secrets should not be stored in code repositories; we use secure exchange for credentials where possible.

Backups and resilience

We design backup, restore, and disaster-recovery strategies based on agreed recovery objectives (RTO/RPO). Specific targets are documented per project or runbook.

4. Logging and monitoring

We recommend centralized logging, alerting on security-relevant events, and sensible log retention that balances investigation needs with privacy obligations. Exact tooling is chosen per engagement (for example cloud-native telemetry vs SIEM).

5. Vulnerability and patch management

We use dependency scanning where applicable, track known vulnerabilities, and plan patching according to severity and business impact. Penetration tests and red-team exercises may be arranged with third parties when customers require evidence.

6. Incident response

We maintain an internal process to detect, contain, eradicate, and recover from security incidents. For customer-managed environments, we coordinate with your security team and follow agreed notification timelines. Regulatory reporting remains the customer's responsibility unless we have contractually agreed otherwise.

7. Vendor and subprocessor diligence

We assess subprocessors for practices that align with customer requirements and document flows of data between systems. Customers may request lists of typical subprocessors used on relevant projects.

8. Privacy in engineering workflows

We support privacy impact thinking in features that handle personal data: purpose limitation, retention limits, auditability, and user transparency. Formal Data Protection Impact Assessments are produced when a client or regulator requires them.

9. Compliance alignment

Mappings to frameworks (ISO 27001-style controls, SOC 2 themes, GDPR technical measures) are often prepared as part of an engagement or RFP response. Saketh Tech does not universally certify against every standard; we work with clients to meet their specific attestation or audit needs.

10. Contact

For security reviews, questionnaires, or privacy inquiries: contact@sakethech.com. Please include your organization, scope, and preferred response timeline.

These materials are provided for general information. Saketh Tech Private Limited recommends independent legal review for your jurisdiction and use case. Questions: contact@sakethech.com.