Security at Ciruss OS
Enterprise-grade security infrastructure built for Indian D2C brands. We treat your data with the highest level of care.
1. Data Hosting and Residency
To ensure compliance with the upcoming Digital Personal Data Protection (DPDP) Act of India, 100% of our customer data is hosted and processed within India. Our primary infrastructure is located in the AWS Asia Pacific (Mumbai) region (ap-south-1).
2. Encryption
All data transmitted to and from the Ciruss OS platform is encrypted using industry-standard TLS 1.3. Data at rest is encrypted using AES-256 encryption. We utilize AWS Key Management Service (KMS) for secure key storage and rotation.
3. Access Control and Authentication
Access to production systems is strictly limited to authorized personnel who require it to perform their job duties. We enforce Multi-Factor Authentication (MFA) for all administrative access. Customer authentication is secured with strict password policies and active session management.
4. Compliance
We are actively working towards our SOC 2 Type II certification. Our infrastructure providers (AWS) hold ISO 27001, SOC 1, SOC 2, and SOC 3 certifications. We perform regular internal audits and continuous monitoring to maintain a secure posture.
5. Incident Response
In the event of a security incident, we have a formal incident response plan that includes procedures for containment, investigation, and communication. Customers will be notified promptly in accordance with applicable laws and our Data Processing Agreement.