Security at aasaan
aasaan is powered by Amazon Web Services. All aasaan systems restrict access to the fewest persons required to maintain them operational. Deployments are automated to all systems, and SSH is disabled on all machines with access to aasaan data to prevent unauthorized access to customer data.
All data exchanged with aasaan is done via the HTTPS protocol.
Data Storage & Access
Live aasaan data is kept in MongoDB on AWS, and access is restricted to systems that require read and write access to the data. We also do incremental, encrypted backups of the MongoDB datastore to Amazon S3 every 10 minutes, which is designed to provide 99.99% data durability in the case of a malfunction or catastrophic failure of MongoDB.
Unless required for support purposes, no aasaan employee will ever see your client data. If you contact us with a support issue that necessitates access to your customer data, we will ask for and wait for your approval before proceeding. We have an audit trail of consumer data access to avoid misuse. We would only access your customer data without your authorization in the event of a rare, emergency service incident that caused a system-wide disruption.
Passwords are filtered from all logs and one-way encrypted in the database with bcrypt. Login information is always transmitted via SSL.
Payment Data Safety
When you sign up for a paid account on aasaan, your payment information is sent to Razorpay, a business committed to storing your sensitive data on PCI-compliant servers. Our servers do not store or even see the data of your payment method.
For More Information
If you require any further information or clarifications, please write to us at email@example.com