Security Policy

Information Security for Omni-Channel Messaging Services

Last Updated: February 15, 2026

Effective Date: February 15, 2026

1. Introduction & Scope

This Security Policy establishes the framework for protecting customer data, maintaining service integrity, and ensuring compliance with Meta Platform requirements.

Objectives

  • Confidentiality & Integrity
  • Availability & Resilience
  • Compliance (Meta, GDPR, ISO 27001)

Scope

  • All Systems & Platforms
  • All Personnel & Vendors
  • All Data (Customer & Business)

3. Data Protection & Encryption

Encryption Standards

  • In Transit: TLS 1.3/1.2 (AES-256-GCM).
  • At Rest: AES-256 for databases & backups.
  • WhatsApp: End-to-End Encrypted (Signal Protocol).
  • Keys: Managed via HSM/KMS with rotation.

Data Classification

  • Confidential (P2): Customer data (role-based access).
  • Restricted (P3): Credentials, keys (MFA required).
  • Internal (P1): Business ops data.
  • Public (P0): Marketing materials.

4. Access Control & Auth

IAM & MFA

We enforce Multi-Factor Authentication (MFA) for all production access. Access follows the Principle of Least Privilege and RBAC.

Passwords

  • Min 12 chars (16 for admin).
  • 90-day rotation.
  • Bcrypt hashing with salt.

5. Network & App Security

Network Architecture

DMZ, segmented internal networks, and rigorous firewall rules.

Monitoring (IDS/IPS)

Real-time traffic analysis and active threat blocking.

DDoS Protection

Cloud-based mitigation and rate limiting.

9. Incident Response

Response Phases

1. Identification
2. Containment
3. Eradication
4. Recovery
5. Lessons Learned

Breach Notification: We notify authorities (GDPR/CCPA) and affected customers within 72 hours of discovery.

Security Contact

Report issues to security@flashkart.app.

Policy Version 1.0 • Information Security - Confidential
