Security Policy
Last updated: March 2026
Girijee Tech Innovation Private Limited takes the security of your data seriously. This policy describes our security measures.
1. Data Encryption
- In Transit: All data is encrypted using TLS 1.2+ (HTTPS). HTTP connections redirect to HTTPS automatically.
- Passwords: All passwords are hashed using bcrypt — plain-text passwords are never stored.
- Payment Data: We do not store payment card details or UPI credentials. All payment processing uses Razorpay's PCI-DSS compliant infrastructure.
2. Authentication Security
- OTP Verification: All new accounts require email OTP verification
- Rate Limiting: 5 failed login attempts trigger a 30-minute lockout
- Session Security: Session IDs regenerate on every login
- Admin 2FA: All admin access requires Two-Factor Authentication (TOTP)
3. Infrastructure Security
- Hosted on Hostinger Business with enterprise-grade physical security
- PHP execution blocked in the uploads folder — uploaded files cannot execute code
- All user inputs validated and sanitised server-side
- All database queries use PDO prepared statements — SQL injection prevented
- config.php blocked from direct web access via server configuration
4. Payment Security
- Razorpay is PCI-DSS Level 1 certified
- Payment signatures verified using HMAC-SHA256
- Webhook payloads authenticated using Razorpay signature verification
5. Responsible Disclosure
If you discover a security vulnerability, please email support@mydgid.com with the subject "Security Vulnerability Report". We acknowledge reports within 48 hours and will not pursue legal action against good-faith security researchers.
6. Incident Response
In the event of a data breach affecting user personal data, we will notify affected users within 72 hours and report to relevant authorities as required under applicable Indian law.
Girijee Tech Innovation Private Limited
CIN: U62011WB2025PTC284555 | GSTIN: 19AALCG7598M1Z0
DPIIT Recognised Startup | Hooghly, West Bengal — 712 136, India
support@mydgid.com | mydgid.com