In the last few months, we have subjected ourselves to a lot of scrutiny. We got ISO 27001 certified. We got a VAPT certificate from a CERT-IN empanelled vendor. We are currently getting our source code reviewed as well. Info Sec teams of 2 large financial companies (now, you can understand, being financial firms they are extremely cautious about Information Security) evaluated our security from multiple angles. Not only did they grill us on our cloud security but also on our processes. One of the world’s largest auditing firms reviewed our processes (and the review is still going on since more than a month, almost on the verge of closure).
It has been tough for the team- being a customer driven product, we focused mainly on consumer’s satisfaction and ease, while certain elements of security of the highest standards may have taken a back seat. But after all of these scrutiny, we can proudly say that we have passed all exams! We have made sure that we use encryption at the right places, that our internal usage policies are smart enough to not impact client data in any way, that we use virtual private cloud with various additional security features with our cloud provider AWS, and MUCH MUCH more!
Now, this is the kind of security which binds us to our customers and consumers for a much longer time, hopefully 🙂