Security Practices

Last Updated: August 01, 2025

1. Architecture & Data Segregation

Each Customer is provisioned with a separate database. Application workloads communicate with databases over private, authenticated channels. Direct public access to databases is disabled; access is granted only via backend services.

2. Identity & Access Management

  • Authentication with ASP.NET Identity and JWT; optional MFA is on the roadmap.
  • Role-based access controls (RBAC) with least privilege.
  • Automatic session expiry and device sign-out on password reset.

3. Encryption

  • In-transit: TLS 1.2+ enforced for all endpoints.
  • At-rest: credentials hashed & salted; sensitive fields encrypted (AES-256 where applicable).
  • Secrets stored outside source code using environment configuration.

4. Secure Development Lifecycle

  • Peer reviews, automated checks, and staging before production deploys.
  • Dependency updates and vulnerability scanning during build.
  • Change management with rollback plans.

5. Vulnerability Management

  • Regular patching of OS, runtime, and frameworks.
  • Routine security scans and remediation SLAs based on severity.
  • Bug reporting channel available to customers.

6. Incident Response

We maintain an incident response playbook: identification, containment, eradication, recovery, and post-incident review. Customers are notified of material incidents affecting their data.

7. Backup & Disaster Recovery

  • Automated daily backups with periodic restore tests.
  • Retention aligned with business and regulatory needs.
  • Documented recovery time and recovery point objectives (RTO/RPO).

8. Logging & Monitoring

  • Audit logs for authentication and sensitive actions.
  • Alerting on anomalous activities and error spikes.
  • Time-synced logs retained per policy.

9. Hosting & Network Security

  • Firewall rules restrict inbound/outbound traffic.
  • No direct database exposure to the public internet.
  • Production access limited to authorized administrators with MFA.

10. Compliance & Privacy

We align with privacy principles and provide tools for data export/deletion to support GDPR-style rights. Formal certifications, where applicable, will be communicated to Customers.

11. Shared Responsibility

Security is shared between Unimanage and Customers. We secure the platform; Customers manage user access, strong passwords, and device hygiene within their organizations.

12. Contact

Address: M-3, Gali No. 7, Mamura, Sector 66, Noida, Uttar Pradesh, 201301