Data Security Policy

1. Our Commitment to Data Security

At Aurtos Technologies LLP, we take the security of your data seriously. We implement industry-standard technical and organizational measures to protect your personal information, business data, and payment details from unauthorized access, disclosure, alteration, or destruction.

2. Data Collection & Storage

We collect and store the following types of data:

• Personal Information: Name, email, phone number, company name — collected through forms, emails, or WhatsApp conversations for the purpose of service delivery and communication.
• Project Data: Files, designs, credentials, and content shared by clients during project execution. This data is treated as confidential.
• Payment Data: We do NOT store credit card numbers, CVV, or any sensitive payment information. All payment processing is handled by PCI-DSS compliant third-party payment gateways.
• Analytics Data: Website usage data collected via Google Analytics and similar tools for improving user experience. This data is anonymized.

3. Technical Security Measures

• SSL/TLS encryption (256-bit) across all web properties
• Secure, encrypted communication channels for client data exchange
• Regular security audits and vulnerability assessments
• Access controls — client data is accessible only to assigned team members
• Secure cloud hosting with automatic backups and failover
• Two-factor authentication (2FA) on all internal systems
• Regular software and dependency updates to patch vulnerabilities

4. Client Data Handling

• All client credentials (hosting, CMS, ad accounts, etc.) are stored in encrypted password managers.
• Client project files are stored on secure, access-controlled cloud storage.
• We sign NDAs (Non-Disclosure Agreements) upon request for sensitive projects.
• Upon project completion or contract termination, client data is retained for 90 days for support purposes, after which it can be deleted upon written request.

5. Third-Party Services

We use trusted third-party services for various functions. These include:

• Payment Gateways (Razorpay, etc.) — PCI-DSS Level 1 compliant
• Cloud Hosting (AWS, Vercel, DigitalOcean) — SOC 2 compliant
• Email Services — encrypted and compliant
• Analytics (Google Analytics) — anonymized data collection
• Advertising Platforms (Meta, Google) — governed by their own privacy policies

We do not share your personal or business data with any third party for marketing purposes without your explicit consent.

6. Incident Response

In the unlikely event of a data breach or security incident:

• We will notify affected clients within 72 hours of discovery
• We will take immediate steps to contain and remediate the incident
• We will cooperate with relevant authorities as required by law
• We will provide a detailed report of the incident and steps taken

7. Compliance

Aurtos Studio complies with:

• Information Technology Act, 2000 (India)
• IT (Reasonable Security Practices and Procedures) Rules, 2011
• RBI guidelines on digital payments and data localization
• Digital Personal Data Protection Act, 2023 (DPDP Act)
• PCI-DSS standards (via payment gateway partners)

8. Your Rights

You have the right to:

• Request access to your personal data stored with us
• Request correction or deletion of your data
• Withdraw consent for data processing
• Request a copy of your data in a portable format
• Lodge a complaint with the Data Protection Board of India

9. Contact — Data Protection

For data security concerns or to exercise your data rights, contact:

Data Protection Officer
Aurtos Technologies LLP
Address: Unit 603-604, 6th Floor, Tower-B, Bhutani Alphathum, Sector-90, Noida, Uttar Pradesh - 201305, India
Email: info@aurtostechnologies.in
WhatsApp: +916397845844