Home Products About Us Why LittleGuard Contact
Security

Data Security

EVOQUICK PRIVATE LIMITED

Our Commitment to Security

At EVOQUICK PRIVATE LIMITED, security is a foundational part of how we build and operate our software. We apply industry-standard technical and organisational controls to protect the data entrusted to us by our customers. This page describes the key security measures we have in place.

🔐
Encryption at Rest
All stored data is encrypted using AES-256.
🔒
Encryption in Transit
All data in transit is protected using TLS 1.2 or higher.
🛡️
Access Controls
Role-based access with least-privilege principles.
🇮🇳
Data Residency
Data is stored on servers located within India.

1. Infrastructure Security

Our services are hosted on enterprise-grade cloud infrastructure with redundant systems, continuous availability monitoring, and physical security controls including restricted access, CCTV, and environmental safeguards. We maintain strict separation between development, staging, and production environments. Production data is never accessible in non-production environments.

2. Encryption

  • At Rest: All customer data stored in our databases and file storage is encrypted using AES-256.
  • In Transit: All communication between clients and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across all our web properties.
  • Backups: All database backups are encrypted before being written to storage and are stored separately from primary data.

3. Access Control

We follow the principle of least privilege across our systems:

  • Internal access to production systems is granted only to authorised personnel who require it for their role
  • All internal access requires multi-factor authentication (MFA)
  • Access rights are reviewed periodically and revoked immediately upon role change or departure
  • All access to production data by EvoQuick staff is logged and auditable

4. Authentication and Session Management

  • Passwords are stored using strong one-way hashing algorithms (bcrypt)
  • Accounts are protected against brute-force attacks through rate limiting and temporary lockouts
  • Session tokens are cryptographically signed, have a defined expiry, and are invalidated on logout
  • Multi-factor authentication is supported and recommended for all user accounts

5. Secure Development Practices

  • Security requirements are integrated into our software development lifecycle (SDLC)
  • All code changes undergo peer review before being merged to production
  • Dependencies are regularly audited and updated to address known vulnerabilities
  • We conduct security testing as part of our release process
  • Our team receives regular training on secure coding practices and common vulnerability patterns

6. Data Backup and Recovery

  • Automated backups are performed daily and retained for a minimum of 30 days
  • Backups are stored in a geographically separate location from primary data
  • Backup restoration procedures are tested regularly to ensure recoverability
  • We maintain documented disaster recovery and business continuity plans

7. Network Security

  • Our infrastructure is protected by firewalls, intrusion detection systems, and DDoS mitigation
  • Network traffic is monitored continuously for anomalous activity
  • Internal systems are isolated from public-facing services using network segmentation

8. Incident Response

We maintain a documented incident response plan. In the event of a confirmed security incident affecting customer data, we will:

  • Contain and assess the incident as quickly as possible
  • Notify affected customers within 72 hours of becoming aware of a breach
  • Work transparently to resolve the issue and prevent recurrence
  • Cooperate fully with authorities as required by applicable law

9. Vendor and Third-Party Security

Where we engage third-party vendors who process customer data on our behalf, we require them to maintain security standards consistent with our own. Vendors are assessed before engagement and are bound by data processing agreements that include appropriate security obligations.

10. Responsible Disclosure

We welcome responsible disclosure of security vulnerabilities. If you believe you have discovered a security issue in any of our products or systems, please report it to us at info@evoquick.com. We will acknowledge your report promptly and work to address valid findings in a timely manner.

11. Contact

For security-related enquiries, please contact:

EVOQUICK PRIVATE LIMITED
Email: info@evoquick.com
Website: evoquick.com