Security and compliance, in plain English.
Honest, current status on every standard that matters to your procurement, legal and security teams. Here is exactly what we practise, what we are aligned with, and what is on our roadmap.
Encryption everywhere
TLS 1.2+ in transit, AES-256 at rest. Keys managed in cloud KMS with rotation policies and access auditing.
Least-privilege access
MFA-enforced, role-based, time-bound. Production access requires explicit approval and is fully audit-logged.
Secure SDLC
Threat modelling, code review, SAST/DAST, dependency scanning, secret scanning: built into every CI/CD pipeline.
Privacy by contract
Mutual NDAs before sensitive discussions. DPAs for every engagement involving personal data. Sub-processor list available on request.
Data residency
EU, India, US and APAC data-residency options. Choose where your data lives and stays.
Incident response
Documented response runbooks. Severity-based SLAs aligned to CVSS. Customer notification commitments in our DPA.
From the moment we touch your data to the moment it leaves.
Four stages. Each one logged, audited, and bound by your DPA. You can request a deletion-of-data report at any time.
Collect
TLS-encrypted ingestion. PII flagged at boundary.
Process
In-memory only. PII redacted before processing or inference.
Store
AES-256 encryption at rest. Multi-region replication.
Govern
Audit logs, retention policies, deletion on request.
Where we stand, today.
Real status, not theatre. Here is exactly where we stand on the standards that matter to your security, legal and procurement teams, updated as we progress.
OWASP ASVS
In Practice
OWASP Application Security Verification Standard: every release tested against ASVS Level 2.
Secure SDLC
In Practice
Threat modelling, code review, SAST/DAST, dependency scanning, secret scanning baked into CI/CD.
SOC 2 Type II
Roadmap
AICPA framework for security, availability, processing integrity, confidentiality and privacy of customer data.
NDA & DPA
In Practice
Mutual NDAs before sensitive discussions; DPAs for every engagement processing personal data.
GDPR-aligned
Aligned
EU General Data Protection Regulation: privacy and data-protection for EU data subjects. DPA and sub-processor list available.
India DPDP
Aligned
Digital Personal Data Protection Act, 2023: privacy and data-protection for Indian data principals.
CCPA / CPRA
Aligned
California Consumer Privacy Act: privacy rights for California residents.
WCAG 2.2 AA
In Practice
Web Content Accessibility Guidelines: every public-facing UI we ship targets WCAG 2.2 AA.
HIPAA-ready
Aligned
For healthcare engagements: BAAs, encryption, audit logs and PHI access controls in place.
PCI-DSS aligned
Aligned
For payment-handling engagements: tokenisation, scope minimisation, secure SDLC.
Vulnerability disclosure
If you believe you have found a vulnerability in any Techliphant product or service, email security@techliphant.com. We acknowledge reports within 24 hours, triage within 72 hours, and don't pursue researchers operating in good faith.
Trust & security FAQs
Yes. For client engagements involving EU data subjects, we operate as a Data Processor under signed DPAs with documented sub-processors, retention policies, and data-subject request workflows.
Yes. Mutual NDAs are signed before any sensitive discussion, and DPAs are signed for any engagement processing personal data.
Least-privilege, time-bound, audit-logged, MFA-enforced. Customer-data access requires explicit approval and is logged.
Email security@techliphant.com. We acknowledge within 24 hours, triage within 72 hours, and remediate within SLAs aligned to CVSS severity. We do not pursue researchers acting in good faith.
Ready when you are
Let's build something exceptional.
Tell us about your business, your stack, and the problem you are trying to solve. We respond with a clear next step, usually a 30-minute discovery call, no fluff.
