Status: all systems operational • Security docs refreshed • New: dependency audit process • Rotating keys this quarter • MFA enforcement completed
bataSutra
News, context & tools

Security

Our approach to protecting user data and platform integrity: modern encryption, least-privilege access, continuous monitoring, and rapid incident response.

Security practices

  • Defense-in-depth across app, network, and data layers
  • Least-privilege IAM with periodic access reviews
  • Mandatory MFA for admins and engineering roles
  • Code reviews, SAST/DAST, and supply-chain scanning
  • HSTS, secure cookies, CSP, and modern TLS

Data protection

  • Encryption in transit (TLS 1.2+) and at rest (AES-256 or cloud-native KMS)
  • Segregated environments (dev/stage/prod) with separate credentials
  • Tokenization/pseudonymization for sensitive fields where practical
  • Strict logging with redaction; access logs retained per policy

Incident response

  1. Detect & Triage — intake, severity, scope
  2. Contain & Eradicate — isolate systems, revoke keys, patch
  3. Recover — validate integrity, restore services, monitor
  4. Post-mortem — root cause, corrective actions, timelines
  5. Notify — stakeholders and users when required by law or policy

Compliance & policies

  • Privacy: see Privacy Policy
  • Data retention & deletion per product policy; backups per schedule
  • Vendor security review for critical third parties
  • Annual security training and phishing simulations

FAQ

Do you encrypt data at rest and in transit?
Yes—TLS 1.2+ in transit and AES-256/KMS at rest.
Do you have a bug bounty?
We operate a responsible disclosure program; see the policy for rewards guidance.
How do I report a security issue?
Email security@batasutra.in with steps to reproduce. Use our PGP for sensitive details.

Security change log

2025-09-22
Static release build
All sections are static; top/bottom tickers hydrate from Google Sheets (Headlines tab).
Weekly patch window Friday 18:00 IST • Zero critical issues open • Key rotation in progress • New hardening baseline applied • Staff security training scheduled