Batchmates

Security & Compliance

Statement of Compliance

Security & Compliance Standards

Batchmates is committed to maintaining the highest standards of security, privacy, and compliance to protect our student community and their data.

Adheres to the System and Organization Controls (SOC) 2 framework.

Security

Protection against unauthorized access through robust security controls and monitoring systems.

  • Multi-factor authentication (MFA)
  • Role-based access control (RBAC)
  • Real-time threat detection
  • Security information and event management (SIEM)
  • Regular security audits

Availability

99.9% uptime guarantee with redundant systems and disaster recovery procedures in place.

  • Redundant infrastructure across multiple availability zones
  • Automated failover systems
  • Load balancing and traffic management
  • Regular disaster recovery drills
  • Business continuity planning

Processing Integrity

Data processing is complete, valid, accurate, timely, and properly authorized.

  • Input validation and sanitization
  • Automated integrity checks
  • Transaction logging and audit trails
  • Error detection and correction mechanisms
  • Quality assurance processes

Confidentiality

Sensitive information is protected through encryption, access controls, and secure transmission.

  • End-to-end encryption
  • Data classification systems
  • Secure data transmission protocols (TLS 1.3)
  • Access logging and monitoring
  • Confidentiality agreements with all staff

Privacy

Personal information is collected, used, retained, and disclosed in accordance with privacy policies.

  • Privacy by design principles
  • Data minimization practices
  • Consent management systems
  • Privacy impact assessments
  • Compliance with GDPR, CCPA, and India's DPDP Act 2023

Documentation

Comprehensive documentation of all policies, procedures, and control activities.

  • Documented security policies and procedures
  • Change management documentation
  • Incident response playbooks
  • Training and awareness materials
  • Regular policy reviews and updates

Current Certifications

  • SOC 2 Type II Compliance (Annual)
  • ISO 27001:2013 Information Security Management (Planned)
  • Compliance with India's IT Act 2000 and IT Rules 2021
  • Compliance with Digital Personal Data Protection Act (DPDP) 2023

Regulatory Compliance

  • India's Information Technology Act, 2000
  • IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
  • Digital Personal Data Protection Act (DPDP), 2023
  • General Data Protection Regulation (GDPR) - for EU users
  • California Consumer Privacy Act (CCPA) - for California users

Data Protection

End-to-end encryption for all sensitive communications

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • Encrypted database connections

Regular data backups with secure, geographically distributed storage

  • Automated daily backups
  • Multi-region backup replication
  • Point-in-time recovery capabilities
  • Backup encryption and integrity verification

Automated data loss prevention (DLP) systems

  • Real-time data monitoring
  • Sensitive data detection and classification
  • Policy-based data protection
  • Incident alerting and response

Infrastructure Security

Multi-tier network security architecture

  • Network segmentation
  • Firewall protection at multiple layers
  • Virtual Private Cloud (VPC) isolation
  • DMZ for external-facing services

Intrusion detection and prevention systems (IDPS)

  • Real-time threat detection
  • Automated threat response
  • Behavioral analysis and anomaly detection
  • Integration with threat intelligence feeds

Regular penetration testing and vulnerability assessments

  • Quarterly penetration testing by certified ethical hackers
  • Monthly vulnerability scans
  • Annual third-party security assessments
  • Bug bounty program (coming soon)

  • Right to Access (Request copy of personal data)
  • Right to Rectification (Request correction of inaccurate/incomplete data)
  • Right to Erasure (Request deletion, subject to legal retention)
  • Right to Restrict Processing (Request limitation of data processing)
  • Right to Data Portability (Receive data in structured, machine-readable format)
  • Right to Object (Object to processing for certain purposes)
  • Right to Withdraw Consent (Withdraw previously given consent)
  • Contact to exercise rights: connect@batchmates-app.com

Dedicated security incident response team available 24/7.

  1. Detection & Analysis
  2. Containment (Immediate isolation, prevention of further damage, evidence preservation)
  3. Eradication (Root cause analysis, removal of threat, system hardening)
  4. Recovery (System restoration, validation, service resumption)
  5. Post-Incident (Detailed report, lessons learned, process improvement, user notification)

Vendor Assessment

  • Security questionnaires
  • Compliance verification
  • Contract review for data protection clauses
  • Regular security audits

Maintained with all data processors ensuring security measures, confidentiality, data breach notification, and subprocessor management.

Infrastructure hosted in Tier III/IV data centers with 24/7 physical security, biometric access controls, environmental controls, and redundant power/network.

Grievance Officer

Aaryaan Singhania
connect@batchmates-app.com
+91 9136450883

Monday to Friday, 10:00 AM - 6:00 PM IST

Data Retention

Registration Information

180 days from the date of cancellation or withdrawal of registration

Removed Content

180 days for investigation purposes, or such longer period as may be required by the Court or by authorized Government Agencies