Privacy Policy

Data Privacy

Flamenco Tech honours and values data privacy and treat data with utmost care. We have implemented data privacy models into the Digital Blanket® Platform as well as on all our applications. We follow a model of proxy data wherever data needs to be collected. We do not profile personnel, nor do we collect any privacy data. All sensitive data is encrypted during transmission and in store. Data access is strictly enforced through AAA controls.

Platform Security

Flamenco Tech tests our IoT platform periodically for VA/PT by reputed third party companies. We document any references – Major or Minor, evaluate all inputs and take remedial action and get this tested again.

Our in-house checklist for VA/PT for all developers and testers for every release. As part of VA / PT, we perform tests on OWASP top 10 and SANS Top 25 and Mitre published checklists.

Hardware Security

DB Sensor Network Platform is built with high levels of security including secure boot, cryptographic secured tokens, tamper proofing, device hardening and device authentication with RSA Keys.

Digital Blanket® enforces all devices to be registered on the system. This unique registration enforces a discipline and hence a handshake that eliminates rogue devices from connecting. All IOT hardware must be identified by custom provided GUID by our software, the communication is allowed to the server from an authorized GUID only. Assignment of GUID is through our platform, no one can reset it manually.

Data Encryption

AES256 bit encryption is enabled between IOT Edge devices to Software deployed at cloud. All communications from mobile app / Web Interface and Kiosk interfaces are through SSL 256-bit encryptions, ensuring data packet life cycle authenticity from origin to destination.

Security Incident Response

Flamenco Tech adheres to “IT Security response plan” process defined in line with ISO 27001 standard. During any IT Security incident is observed, Security Incident Response Team (SIRT) work towards the following:

  • Initial assessment of the incident.
  • Communicate to respective stake holders on the incident.
  • Identify the type and severity of the incident or compromise.
  • Protect the evidence.
    Arrive at the impact of the incident and contain the damage and minimize the risk.
  • Notify external agencies, if appropriate.
    Recover the affected systems.
  • Compile and organize incident documentation and arrive on Root cause.
    Assess incident damage and cost.
  • Review the response and update / strengthen existing policies.
Scroll to Top