Effective Date: March 17, 2026 | Last Updated: March 17, 2026
At Invente.io ("Invente," "we," "us," or "our"), a division of the Pilani Group, security is fundamental to everything we build and operate. As a defense and aerospace technology company, we maintain rigorous security standards across our digital infrastructure, data handling processes, and organizational practices. This Security Policy outlines our commitments and procedures.
01 / Data Encryption
We employ industry-standard encryption protocols to protect data both in transit and at rest:
- In Transit: All communications between your browser and our servers are encrypted using TLS 1.2 or higher (HTTPS). We enforce HTTP Strict Transport Security (HSTS) to prevent protocol downgrade attacks.
- At Rest: Sensitive data stored on our servers is encrypted using AES-256 encryption. Database backups are encrypted and stored in secure, access-controlled environments.
- Key Management: Encryption keys are managed through secure key management practices with regular rotation schedules and strict access controls.
02 / Infrastructure Security
Our infrastructure is designed with defense-in-depth principles to ensure multiple layers of protection:
- Web application firewall (WAF) to detect and block malicious traffic
- DDoS mitigation and rate limiting on all public-facing endpoints
- Network segmentation to isolate critical systems from public-facing services
- Regular security patches and automated vulnerability scanning
- Intrusion detection and prevention systems (IDS/IPS) with real-time alerting
- Redundant systems and automated failover to ensure service continuity
03 / Access Controls
Access to systems, data, and infrastructure is governed by the principle of least privilege:
- Role-based access control (RBAC) ensures personnel access only the systems and data required for their duties
- Multi-factor authentication (MFA) is required for all administrative and privileged access
- Access logs are maintained and audited regularly to detect unauthorized activity
- Employee access is reviewed quarterly and revoked immediately upon role change or termination
- All personnel with access to sensitive systems undergo background verification checks
04 / Compliance and Certifications
As a defense and aerospace technology company, we adhere to stringent regulatory and industry standards:
- ISO 9001:2015 — Quality Management System certification ensuring consistent quality in design, development, and delivery
- AS9100 — Aerospace-specific quality management standard for aviation, space, and defense organizations
- ITAR Compliant — International Traffic in Arms Regulations compliance for controlled defense articles and services
- Defense License — Licensed by the Government of India for design, development, and manufacturing of defense equipment
We conduct regular internal and external audits to ensure ongoing compliance with all applicable standards and regulations.
05 / Vulnerability Reporting
We value the security research community and encourage responsible disclosure of any vulnerabilities discovered on our website or systems. If you identify a potential security vulnerability, please report it to us promptly.
Reporting Guidelines:
- Send vulnerability reports to contact@invente.io with the subject line "Security Vulnerability Report"
- Include a detailed description of the vulnerability, including steps to reproduce
- Do not exploit the vulnerability beyond what is necessary to demonstrate it
- Do not access, modify, or delete data belonging to other users
- Allow us reasonable time to investigate and remediate before any public disclosure
We commit to acknowledging all valid reports within forty-eight (48) hours and will work diligently to remediate confirmed vulnerabilities in a timely manner.
06 / Incident Response
Invente.io maintains a formal incident response plan to address security events swiftly and effectively:
- Detection: Continuous monitoring systems provide real-time alerts for anomalous activity, unauthorized access attempts, and potential breaches.
- Containment: Upon detection of a security incident, affected systems are immediately isolated to prevent further exposure.
- Investigation: A thorough forensic investigation is conducted to determine the scope, cause, and impact of the incident.
- Notification: Affected parties and relevant authorities are notified in accordance with applicable laws and regulations.
- Recovery: Systems are restored to full operational status with enhanced safeguards to prevent recurrence.
- Post-Incident Review: Every incident is followed by a comprehensive review to identify lessons learned and improve our security posture.
07 / Employee Security Training
All Invente.io employees and contractors receive mandatory security awareness training upon onboarding and on a recurring annual basis. Training covers topics including phishing awareness, data handling procedures, password management, physical security protocols, and incident reporting obligations. Personnel working with classified or export-controlled materials receive additional specialized training in accordance with applicable regulations.
08 / Contact Information
For security-related inquiries, vulnerability reports, or questions regarding this policy, please contact us:
Invente.io (a division of the Pilani Group)
Kondapur, Hyderabad, India
Email: contact@invente.io
Website: invente.io