Security Policy — VittSphere Technologies

At VittSphere Technologies, we handle sensitive financial data — income details, bank statements, GST returns, investment portfolios. We take this responsibility seriously and have implemented multiple layers of security to protect your data.

🔐

AES-256 Encryption

All stored financial data is encrypted using AES-256, the same standard used by banks and defence organisations.

🔒

HTTPS / TLS Everywhere

All data in transit is protected by HTTPS/TLS. No data travels over unencrypted connections.

🇮🇳

India-Only Servers

All data stored exclusively on servers located in India. No cross-border data transfer.

🛡️

DPDP Act 2023

Fully compliant with India's Digital Personal Data Protection Act 2023 and its rules.

👁️

Access Controls

Your financial data is accessible only to you and CA team members specifically assigned to your account.

🔑

Secure Authentication

Staff login requires 3-factor authentication: User ID + Password + Aadhaar verification. Math CAPTCHA for CA admin.

Data Storage & Location

VittSphere stores all user data exclusively on servers within India. We use Hostinger India-based infrastructure. We do not use any foreign cloud provider (AWS, Google Cloud, Azure) for storing Indian user financial data. This is our commitment — not just a compliance checkbox.

Encryption Standards

Data at Rest

All financial documents uploaded — AES-256 encrypted before storage
Passwords stored as bcrypt hashes — never in plain text
Database encryption at the field level for sensitive identifiers (PAN, Aadhaar)

Data in Transit

HTTPS enforced on all VittSphere domains
TLS 1.2 minimum, TLS 1.3 preferred
HTTP Strict Transport Security (HSTS) headers enabled
SSL certificates from trusted Certificate Authorities

Access Control

We implement strict role-based access:

You (client): Full access to your own data only
CA Admin (CA Prabhakar Kumar): Full platform access, Multi-factor login
CA Staff: Access only to cases assigned to them, 3-factor authentication (UID + Password + Aadhaar)
No third-party access: We never share access with advertisers, data brokers, or other third parties

DPDP Act 2023 Compliance

VittSphere complies with India's Digital Personal Data Protection Act 2023 including:

Clear notice and consent before collecting personal data
Data collected only for specified, lawful purposes
Data retention limited to the period necessary for the purpose
User rights: access, correction, deletion, and grievance redressal
Appointment of a Data Protection Officer (in progress)

CA Professional Secrecy

Our CA team members are bound by the ICAI Code of Ethics and professional secrecy obligations under the Chartered Accountants Act 1949. This adds a legal layer of protection beyond our platform privacy policy — your financial information is protected by professional law, not just contractual terms.

What We Do NOT Do

We do NOT sell your data to any third party
We do NOT use your financial data to train AI models without explicit consent
We do NOT serve advertisements using your data
We do NOT store your bank passwords or login credentials
We do NOT access your data for any purpose beyond providing our stated services

Security for Uploaded Documents

When you upload financial documents (bank statements, P&L, ITR):

Files are encrypted immediately upon upload
Accessible only to you and your assigned CA team member
Automatically deleted 90 days after your subscription ends (or earlier on request)
Never indexed by search engines

Responsible Disclosure

If you discover a security vulnerability in our platform, we request you to report it responsibly at security@vittsphere.com before public disclosure. We will acknowledge within 48 hours and work to resolve it. We appreciate security researchers who help keep our platform safe.

Our commitment: Your financial data is yours. We are custodians, not owners. We will never monetise, sell, or misuse information you entrust to us. This is not just policy — it is the professional oath of our CA team.

Contact — Security Team

Security issues: security@vittsphere.com
Privacy queries: privacy@vittsphere.com
VittSphere Technologies Private Limited · GSTIN: 27AAMCV0671P1ZL · CIN: U62099PN2026PTC253995