DATA ENCRYPTION

Encryption in Transit

Encryption in transit protects data while it travels between your device and our servers. All communications are secured using TLS version 1.2 or higher. Perfect Forward Secrecy is enforced to ensure historical data remains secure even if an encryption key is compromised. Certificate pinning is implemented to prevent man-in-the-middle attacks, and HTTPS is enforced across the entire platform, not just on login pages.

As a result, your data remains protected even when accessed over unsecured networks. WhatsApp integrations are fully encrypted, call recording data is encrypted during transmission, and all communications remain secure and private.

Encryption at Rest

Encryption at rest protects data stored within our databases and servers. All customer data is encrypted using AES-256 encryption. Separate encryption keys are maintained for each customer, and encryption keys are rotated automatically on a periodic basis. Secure key management practices are followed to ensure encryption keys are stored and handled securely.

This approach ensures that even if physical infrastructure is compromised, the stored data remains unreadable without the appropriate encryption keys. Encrypted backups receive the same level of protection, and deleted data remains protected during the defined retention period.

Optional Enhanced Encryption

Customers with additional security requirements may request customer-controlled encryption keys, zero-access encryption layers, or customized enterprise security consultations to further enhance data protection.

NETWORK SECURITY

RSoft Technologies protects its infrastructure through multi-layered firewalls, web application firewalls, intrusion detection systems, and automated DDoS mitigation mechanisms. Customer data is segregated from internal systems, development environments are isolated from production, and administrative systems are accessible only through restricted access controls. All remote access requires secure VPN connections and automated security checks before access is granted. API integrations are secured using securely generated API keys, rate limiting, OAuth 2.0 authentication, request signing, and comprehensive audit logging to prevent abuse and unauthorized access.

DISASTER RECOVERY

In the event of a data center failure, RSoft Technologies maintains a recovery time objective of four hours and a recovery point objective of one hour. Customer data is replicated across multiple regions, and automatic failover mechanisms are designed to continue service with minimal disruption. Disaster recovery procedures are tested regularly to ensure effectiveness.

All backups include customer data such as leads, contacts, communications, configuration settings, call recordings, and system logs required for compliance.

DATA BREACH & INCIDENT RESPONSE

RSoft Technologies continuously monitors its systems for security threats through real-time monitoring, alerting, vulnerability scanning, and audit logging. If a security incident is detected, immediate containment and investigation steps are initiated. Affected customers and regulatory authorities are notified when required, and remediation measures are implemented promptly. Post-incident reviews are conducted to strengthen future security controls.

EMPLOYEE SECURITY

All RSoft Technologies employees undergo employment history verification, reference checks, background checks as per company policy, and periodic security clearance reviews. Mandatory security training covers information security fundamentals, data protection and privacy, secure coding practices, and incident reporting procedures. Employees follow strict data handling, acceptable use, clean desk, confidentiality, and incident reporting policies. Policy violations result in corrective action, and security policies are reviewed and updated regularly.

MONITORING & LOGGING

Comprehensive logging includes authentication events, data access and modification records, API activity, administrative actions, security alerts, and system errors. Active logs are maintained for compliance purposes, while archived logs are retained for audit requirements. All logs are encrypted, immutable, and regularly verified for integrity. Continuous monitoring and automated alerting help identify suspicious activity, including failed login attempts, unusual data access patterns, and unauthorized configuration changes. Immutable audit trails preserve complete activity records for investigation and compliance.

REGULAR SECURITY TESTING

RSoft Technologies performs continuous automated vulnerability scanning, real-time code security checks, dependency vulnerability assessments, configuration reviews, and automated patch deployment. Internal and external security audits are conducted regularly to verify compliance, identify risks, and implement improvements based on best practices.

BUSINESS VALUE OF SECURITY

RSoft Technologies provides enterprise-grade data protection, global compliance standards, continuous security monitoring, encrypted data handling, and transparent security practices to customers. These measures help businesses build trust, reduce the risk of data incidents, meet regulatory requirements, and support high-value engagements. For investors, this security approach demonstrates strong risk management, operational excellence, customer retention capability, regulatory readiness, and scalable security practices.