Security

Enterprise-grade security to protect your insurance data

ISO 27001 Ready SOC 2 Type II Compliant GDPR Compliant

Security is Our Top Priority

We implement multiple layers of security to protect your sensitive insurance data

AES-256

Data Encryption

99.9%

Uptime SLA

Daily

Automated Backups

24/7

Security Monitoring

Data Security

Encryption at Rest

All data stored in our databases is encrypted using AES-256 encryption, the same standard used by banks and government agencies.

  • Database-level encryption
  • File storage encryption
  • Backup encryption
  • Secure key management
Encryption in Transit

All data transmitted between your browser and our servers is protected using TLS 1.3, ensuring secure communication.

  • TLS 1.3 encryption
  • Perfect forward secrecy
  • Strong cipher suites
  • HTTPS enforcement
Multi-Tenant Isolation

Complete data separation ensures that each insurance agency's data is isolated and inaccessible to others.

  • Logical data isolation
  • Tenant-specific databases
  • Access control enforcement
  • Cross-tenant protection
Secure Backups

Automated daily backups with point-in-time recovery capabilities ensure your data is never lost.

  • Automated daily backups
  • Encrypted backup storage
  • 30-day retention period
  • Disaster recovery procedures

Access Control & Authentication

Role-Based Access Control

Granular permission system ensures users only access what they need:

  • Admin: Full system access and configuration
  • Manager: Team oversight and reporting
  • Agent: Customer and policy management
  • Support: Limited view-only access

Multi-Factor Authentication

Additional security layer beyond passwords:

  • SMS-based verification
  • Email-based verification
  • Time-based one-time passwords (TOTP)
  • Backup recovery codes
Additional Security Features
  • Strong password requirements
  • Automatic session timeout
  • IP whitelisting (Enterprise)
  • Single Sign-On (SSO) integration
  • Failed login attempt monitoring
  • Account lockout protection
  • Password reset verification
  • Audit logs for all access

Infrastructure Security

Cloud Infrastructure

Hosted on enterprise-grade cloud infrastructure with built-in security and redundancy

Firewall Protection

Web application firewall (WAF) and DDoS protection to prevent attacks

Intrusion Detection

Real-time monitoring and automated threat detection systems

Regular Updates

Continuous security patches and updates to address vulnerabilities

Network Isolation

Segregated networks and private subnets for enhanced security

Activity Logging

Comprehensive audit trails for compliance and security analysis

Compliance & Certifications

GDPR

General Data Protection Regulation compliance

ISO 27001

Information security management standards

SOC 2 Type II

Service organization control compliance

IRDAI Guidelines

Insurance regulatory compliance (India)

Data Residency

All data is stored in secure data centers located in India, ensuring compliance with local data protection regulations.

Our Security Practices

Development Security

  • Secure Coding: Following OWASP Top 10 security guidelines
  • Code Reviews: Peer review for all code changes
  • Dependency Scanning: Automated vulnerability scanning
  • Static Analysis: Automated security testing

Testing & Validation

  • Penetration Testing: Regular third-party security audits
  • Vulnerability Assessments: Quarterly security scans
  • Security Testing: Automated and manual testing
  • Bug Bounty Program: Responsible disclosure program

Operational Security

  • 24/7 Monitoring: Real-time security monitoring
  • Incident Response: Dedicated security team
  • Disaster Recovery: Tested recovery procedures
  • Business Continuity: Comprehensive continuity plans

Employee Security

  • Background Checks: For all employees
  • Security Training: Regular security awareness training
  • Access Controls: Least privilege principle
  • NDAs: Confidentiality agreements

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly:

  • Email us at security@midastech.in
  • Provide detailed information about the vulnerability
  • Allow us reasonable time to address the issue
  • Do not disclose publicly until we've resolved it

We appreciate responsible security researchers and will acknowledge your contribution.

Have Security Questions?

Our security team is here to address your concerns

Contact Security Team