Security Policy
Hello Auditor is committed to maintaining the highest level of security for all client, business, and website data. This Security Policy outlines the measures, protocols, and best practices implemented to protect sensitive information in compliance with the Information Technology Act, 2000 (Sections 43A & 72A) and IT Rules, 2011.
1. Scope of Security Policy
This Security Policy applies to:
All website data and user interactions
Client business and financial information
Company operational systems, software, and internal communications
Third-party service integrations
The policy governs data storage, access, transmission, and disposal, ensuring comprehensive protection across all touchpoints.
2. Technical Security Measures
Hello Auditor employs advanced technical measures to safeguard digital assets:
1. Encryption: All sensitive data, including client documents, tax filings, and company registration records, is encrypted using industry-standard SSL/TLS protocols during transmission and at rest.
2. Firewalls and Intrusion Detection Systems: Multi-layered firewalls and real-time monitoring detect and prevent unauthorized access.
3. Role-Based Access Control: Only authorized personnel have access to specific data based on job responsibilities, reducing internal security risks.
4. Regular Security Audits: Periodic vulnerability assessments and penetration tests are conducted to identify and remediate potential threats.
Example:
Client PAN, GST, and financial data submitted for tax filing or statutory compliance are encrypted and accessible only to designated auditors and compliance officers.
3. Physical Security
All physical documents are stored in secure, access-controlled environments.
Offices and storage facilities are equipped with surveillance systems to prevent unauthorized entry or tampering.
Confidential files are retained as per the Companies Act, 2013, and other regulatory requirements, and then securely disposed of when retention periods expire.
Example:
Hard copies of audit reports or ISO certification templates are stored under lock and key, with access limited to senior auditors.
4. Procedural Security
Staff are trained on data protection, cybersecurity protocols, and legal compliance.
Confidentiality agreements bind all employees, consultants, and third-party vendors.
Policies cover safe handling of client documents, secure email communication, and protection against phishing or social engineering attacks.
Legal Reference:
Compliance with the IT Act, 2000, ensures accountability and enforceable obligations for all personnel handling sensitive information.
5. Third-Party Integrations
Secure third-party services are used for analytics, payment processing, and operational support.
All third-party partners sign confidentiality and data protection agreements to comply with legal standards.
Example:
Payment gateways for business registration fees or statutory filings are integrated securely, ensuring encrypted transmission of financial data.
6. Incident Management
Any security breach or data compromise is addressed immediately.
Remediation measures include system isolation, investigation, and mitigation to prevent recurrence.
Example:
If unauthorized access to client tax files is detected, affected clients are informed, and corrective measures are implemented promptly.
7. Contact Information
For security-related concerns or reporting incidents:
Email: hello@helloauditor.com
Phone: 99 62 39 39 39