Security
Security is not a feature we add โ it is the foundation of how we build and operate. This page summarises how we protect our systems, our clients and their data.
Our approach
We apply defence-in-depth: layered controls across identity, network, data and application, so no single failure exposes the whole. We assume breach, minimise blast radius, and monitor continuously.
How we protect data
- Encryption of data in transit and at rest using industry-standard algorithms.
- Least-privilege access with strong authentication and regular access reviews.
- Continuous monitoring across network and security signal, watched 24ร7 by our operations centre.
- Database activity monitoring so privileged access to sensitive data is visible and accountable.
Governance & standards
Our practices are aligned to recognised frameworks including ISO 27001 and industry benchmarks such as PCI-DSS and the CIS Controls, and are designed to support our clients' GDPR and DPDP Act obligations. We review and improve them continuously.
Responsible disclosure
If you believe you have found a security vulnerability in our systems, we want to hear from you. Please report it responsibly to security@abormic.in. We commit to acknowledging reports promptly, investigating in good faith, and not pursuing action against researchers who act in good faith and avoid privacy violations or service disruption.
Please do not publicly disclose a vulnerability until we have had a reasonable opportunity to address it. We will keep you updated throughout.