ASK-AYURVEDA.COM SECURITY POLICY

Effective Date: 25th November, 2024

This Security Policy ("Policy") outlines the security measures implemented on AskAyurveda.com ("Platform"), operated by  Alveda Life India Private Limited ("Company"), registered in India under CIN U86909MH2023FTC406696, with its registered office at Unit No. 05, Ground Floor A Wing, Royal Residency, Katemanivali, Kalyan, Thane, Maharashtra - 421306, India.

By using the Platform, you acknowledge and agree to the security practices outlined in this Policy. If you do not agree, please discontinue use immediately.

1. SECURITY COMMITMENT

• The Company is committed to maintaining the confidentiality, integrity, and availability of user data.
• The Company continuously monitors, evaluates, and improves security controls to address emerging threats, vulnerabilities, and industry best practices.
• Security patches and updates are applied in a timely manner to mitigate risks associated with known vulnerabilities.

2. DATA PROTECTION MEASURES

• User data, including personal and financial information, is protected using industry-standard encryption protocols, such as SSL/TLS, during transmission and AES encryption for stored data.
• Access to sensitive data is strictly controlled and limited to authorized personnel who require such access to perform their duties.
• Regular internal and external security audits are conducted to identify and mitigate vulnerabilities in the system. The Company also ensures compliance with relevant privacy and data protection laws.

3. ACCOUNT SECURITY

• Users are required to create strong passwords for their accounts, which should include a combination of uppercase letters, lowercase letters, numbers, and special characters.
• Users are encouraged to enable two-factor authentication (2FA) where available to enhance account security.
• In the event of suspicious login activity or potential account compromise, the Company may temporarily suspend the account and request additional security verification.
• Users should immediately report any suspected unauthorized access to their account by contacting info@ask-ayurveda.com.

4. PAYMENT SECURITY

• All payment transactions are processed through third-party payment gateways that comply with the Payment Card Industry Data Security Standard (PCI-DSS).
• The Company does not store or process full payment details, such as credit card numbers or bank account information, on its own servers. These details are handled securely by PCI-DSS compliant payment processors.
• Payment transactions are encrypted to prevent unauthorized access and ensure the safety of financial information.

5. THREAT DETECTION AND RESPONSE

• The Platform employs advanced intrusion detection systems (IDS) and firewall protections to detect and prevent unauthorized access to its systems and data.
• Automated monitoring tools are used to continuously scan for potential cyber threats, such as malware or hacking attempts.
• In the event of a security breach, the Company has an incident response plan in place, which includes immediate containment, investigation, and resolution of the breach. Affected users will be notified as required by law.

6. USER RESPONSIBILITIES

• Users must not attempt to bypass or disable any security controls or engage in unauthorized activities on the Platform, including attempting to gain unauthorized access to the Platform or other users’ accounts.
• Users are responsible for ensuring that their personal devices (such as computers, smartphones, etc.) are secure and protected with up-to-date antivirus software, firewalls, and other security measures.
• Users should be vigilant against phishing, fraud, or social engineering attempts. Any suspicious or fraudulent activity should be reported immediately to info@ask-ayurveda.com.

7. DATA BREACH NOTIFICATION

• In the unlikely event of a data breach involving user information, the Company will notify affected users promptly and in accordance with applicable data protection laws, such as the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and other related laws.
• The Company will take immediate and appropriate steps to contain and resolve any security incident, and work with relevant authorities to address any potential risks to user data.

8. COMPLIANCE AND LEGAL FRAMEWORK

• The Platform complies with applicable laws and regulations governing data security and privacy, including the Indian Information Technology Act, 2000, and the General Data Protection Regulation (GDPR) for users in the European Union, where applicable.
• Users outside of India should verify that their use of the Platform complies with local cybersecurity and data protection laws in their respective jurisdictions.
• The Company ensures that it meets international standards for information security, including but not limited to ISO/IEC 27001 certification, where applicable.

9. CHANGES TO THIS POLICY

• The Company reserves the right to modify or update this Security Policy at any time. Any changes to this Policy will be posted on the Platform, with the updated effective date.
• Continued use of the Platform after modifications to this Policy constitutes acceptance of the updated terms.
• Users are encouraged to review this Policy periodically to stay informed of the security practices and any changes that may be made.

10. GOVERNING LAW AND DISPUTE RESOLUTION

• This Security Policy is governed by and construed in accordance with the laws of India.
• Any disputes arising out of or related to this Policy shall be resolved through negotiation and, if necessary, arbitration under the jurisdiction of courts in Bhopal, Madhya Pradesh, India.

For security-related inquiries, please contact info@ask-ayurveda.com.