SECURITY & COMPLIANCE

Security and privacy, built in by design.

Encryption, granular access control, full audit trail, and bring-your-own-storage — engineered to support GDPR, UK GDPR, India's DPDP Act, and POPIA for customers worldwide.

HOW WE PROTECT YOUR DATA

A defence-in-depth approach

Encryption everywhere

Data is encrypted in transit (TLS 1.2+) and at rest. Sensitive secrets are managed with strict key handling. [PLACEHOLDER: cipher/KMS details]

Granular access control

Role-based access, maker-checker approval, least-privilege permissions, and optional SSO / advanced RBAC for enterprise.

Complete audit trail

Workflow and archive actions are logged with tunable retention, so you can prove who created, edited, or approved every document.

Bring your own storage

Your documents stay in your own Google Drive, OneDrive, S3, Azure, or NAS. You retain control of data location and ownership.

Resilient infrastructure

Encrypted backups and, for enterprise, multi-region high availability and disaster recovery with custom RTO/RPO. [PLACEHOLDER: hosting provider/regions]

Data residency options

Enterprise customers can request specific hosting regions to meet residency and sovereignty requirements.

REGULATORY ALIGNMENT

Designed for global data-protection law

Abscode DMS is built to help you meet your obligations across regions. We support customer compliance — certifications held by Abscode are listed below.

GDPR & UK GDPR (Europe / UK)

Data Processing Agreement with Standard Contractual Clauses (and the UK Addendum) for transfers to India, support for data-subject rights, and breach notification. Abscode has no EU/UK establishment; an Article 27 representative is appointed where required. [PLACEHOLDER: confirm]

DPDP Act 2023 (India)

Notice-and-consent handling, purpose limitation, and support for Data Principal rights under India's Digital Personal Data Protection Act.

POPIA (South Africa)

Processing aligned to POPIA's lawful-processing conditions, with operator agreements and data-subject request support.

Industry frameworks

Capabilities that support ISO 9001/14001/45001, NABH, RBI Master Direction, and ICAI requirements through maker-checker, retention, and audit features. [PLACEHOLDER: list any certifications Abscode itself holds, e.g. ISO 27001 / SOC 2]

Sub-processors

We use a small number of vetted sub-processors under data-protection contracts (cloud hosting, email/notification delivery, and payment processing — Razorpay for India, Stripe elsewhere). A current list is available on request.

Data Processing Agreement (DPA)

A DPA — including SCCs for international transfers — is available to customers. Request it at privacy@abscode.com.

Report a vulnerability

We welcome responsible disclosure. If you believe you have found a security issue, email security@abscode.com [PLACEHOLDER: confirm security inbox]. Please do not publicly disclose until we have responded. For confirmed personal-data breaches, we notify affected customers and authorities as required by GDPR, DPDP, and POPIA timelines.

Read our Privacy Policy