Security Policies & Procedures
We understand that when you use Onionpy, you are entrusting us with one of your most valuable assets - the organizational data of your company or your client. We treat this responsibility very seriously.
Physical & Network Security
We use Linode's platform and infrastructure for OnionPy Voice. Ikyam employees do not have any physical access to our production environment.
Here are more details about security setup of Linode.
#1 Your data
We do connect to SAAS services or apps you use inorder to load data into our platform. We use this data purely for providing the services as per our contract. We ensure that you have the controls necessary to manage access to your data.
When you delete a company or unregister a store that was imported from a cloud system (eg. Xero, MYOB AccountRight Live, QuickBooks Online), we also delete any associated access tokens and data, ensuring we can no longer access your company data through the service provider's API.
If at any time you wish to remove a company from Onionpy Voice, you can simply delete the company from within Onionpy Voice Portal. The data will exist in our offsite backup for a period of time and then be removed ensuring no data remains with Ikyam.
#2 Application Security
Secure Access: OnionPy Voice application servers can be accessed only via HTTPS. We use industry standard encryption for data traversing to and from the application servers.
XSS: All user inputs are properly encoded when displayed to ensure XSS vulnerabilities are avoided.
CSRF: All POST requests are checked for CSRF token before processing the request
SQL Injection: We use prepared statements or equivalent of the same for database access to avoid SQL Injection.
Encrypted Data Storage: We do not store sensitive details on any OnionPy/Ikyam network. Credit Card details are stored only in the partner portals which are PCI compliant. The keys for various third party services (like QuickBooks, Xero) are stored in our database in encrypted form.
#3 Vulnerability Scanning & Patching
We periodically check and apply patches for third party software/services. As & when vulnerabilities are discovered we apply the fixes. We do periodic vulnerability scanning using the services of an authorized QSA.
#4 Data Storage & Redundancy
We use our own proprietary DB for storing application data. The DB is configured with 1 level replication to ensure high availability. Automatic backup is configured. We backup data for up to 30 days.
We use both internal and multiple external monitoring services to monitor OnionPy Voice. Our monitoring system will alert the Operations & Security Team through emails and phone calls if there are any errors or abnormality in the request pattern.
We are working continuously to make our system secure. If you find any security issues, please submit it to firstname.lastname@example.org. We take security as our highest priority. We will make sure the issue is fixed and updated at the earliest.