Security Policy

Security is integrated into the product lifecycle at iRoot Technologies Private Limited, including design review, access governance, deployment controls, and ongoing risk management.

Internal responsibilities are assigned across engineering, operations, and support functions to maintain secure service delivery.

• Data in transit is protected using modern transport encryption protocols.
• Sensitive data at rest is protected using industry-standard encryption and access restrictions.
• Backups and recovery workflows follow controlled and monitored processes.

iTrackStudio supports role-based access control (RBAC) to enforce least-privilege access across features and workflows.

• User and admin permissions can be scoped by role and responsibility.
• Administrative actions are controlled and reviewed through audit mechanisms.
• Account credentials and privileged access are subject to stricter operational controls.

Platform activity is monitored to detect abnormal behavior, operational failures, and potential security events.

Audit logs are maintained for critical actions to support investigations, compliance requirements, and accountability.

• Production environments are segmented and access-restricted.
• Security patches and dependency updates are applied through controlled release processes.
• Application-level controls are used to reduce common web security risks.

iRoot Technologies Private Limited maintains internal incident handling procedures for identification, containment, remediation, and post-incident review.

Where applicable, affected customers are notified in line with contractual commitments and regulatory obligations.

Customers are responsible for safeguarding account credentials, assigning permissions appropriately, and following internal security hygiene practices.

Security is a shared responsibility between platform provider and customer administrators.