Security Practices

Q: How does Unimanage protect customer data?

Each customer is provisioned with a separate database. We use encryption in transit and at rest, implement role-based access controls, and maintain strict security protocols to protect customer data.

Q: What security measures does Unimanage have in place?

We implement secure development lifecycle, vulnerability management, incident response procedures, regular backups, and comprehensive monitoring to ensure the security of our gym management platform.

Last Updated: August 01, 2025

Quick Navigation

1. Architecture & Segregation 2. Identity & Access 3. Encryption 4. Secure Development 5. Vulnerability Mgmt 6. Incident Response 7. Backup & DR 8. Logging & Monitoring 9. Hosting & Network 10. Compliance & Privacy 11. Shared Responsibility 12. Contact

1. Architecture & Data Segregation

Each Customer is provisioned with a separate database. Application workloads communicate with databases over private, authenticated channels. Direct public access to databases is disabled; access is granted only via backend services.

2. Identity & Access Management

Authentication with ASP.NET Identity and JWT; optional MFA roadmap.
Role-based access controls (RBAC) with least-privilege.
Automatic session expiry and device sign-out on password reset.

3. Encryption

In-transit: TLS 1.2+ enforced for all endpoints.
At-rest: credentials hashed & salted; sensitive fields encrypted (AES-256 where applicable).
Secrets stored outside source code using environment configuration.

4. Secure Development Lifecycle

Peer reviews, automated checks, and staging before production deploys.
Dependency updates and vulnerability scanning during build.
Change management with rollback plans.

5. Vulnerability Management

Regular patching of OS, runtime, and frameworks.
Routine security scans and remediation SLAs based on severity.
Bug reporting channel available to customers.

6. Incident Response

We maintain an incident response playbook: identification, containment, eradication, recovery, and post-incident review. Customers are notified of material incidents affecting their data.

7. Backup & Disaster Recovery

Automated daily backups with periodic restore tests.
Retention aligned with business and regulatory needs.
Documented recovery time objectives (RTO/RPO) targets.

8. Logging & Monitoring

Audit logs for authentication and sensitive actions.
Alerting on anomalous activities and error spikes.
Time-synced logs retained per policy.

9. Hosting & Network Security

Firewall rules restrict inbound/outbound traffic.
No direct database exposure to public internet.
Production access limited to authorized administrators with MFA.

10. Compliance & Privacy

We align with privacy principles and provide tools for data export/deletion to support GDPR-style rights. Formal certifications, where applicable, will be communicated to Customers in India.

11. Shared Responsibility

Security is shared between Unimanage and Customers. We secure the platform; Customers manage user access, strong passwords, and device hygiene within their organizations.

12. Contact

Email: support@unimanage.tech

Phone: +91 9205807124

Address: M-3, Gali No. 7, Mamura, Sector 66, Noida, Uttar Pradesh, 201301, India

For more details about our security and privacy practices, you may also want to review: