How we protect your operations data.
MAFLO runs the operating system of your factory. The data — orders, BOMs, dispatch records, dealer ledgers, contractor wallets — is operationally sensitive. Here's the security posture in plain English.
Certifications
- ISO/IEC 27001:2022 — Proeffico is an ISO 27001 certified organisation. Annual surveillance audit on file.
- DPDP 2023 ready — See our DPDP notice for fiduciary duties and your rights.
- GST & statutory compliance — CIN U72900UP2020PTC137508, GSTIN 09AALCP5772C1Z5.
Hosting & data residency
MAFLO customer data is hosted in an Indian cloud region (AWS Mumbai or Azure India, per customer choice). On-prem deployment is available for Enterprise customers; in that case we operate to your internal SOC requirements.
Encryption
- TLS 1.2+ on all public surfaces (HSTS preloaded — see the response header on this very page).
- At-rest encryption via the cloud provider's managed keys.
- Application-layer encryption for sensitive sub-fields (e.g. payout tokens).
Access control
- Role-based access (RBAC) within every customer tenant.
- Audit log for every state-mutating action — FSM-validated workflow transitions, master edits, payout approvals.
- SSO (SAML/OIDC) on Enterprise.
Application security
- Annual third-party VAPT (Vulnerability Assessment & Penetration Testing).
- SonarQube + dependency-vulnerability scanning in the CI pipeline.
- Secure SDLC: code review on every change, no direct pushes to PROD.
Operational security
- Centralised logging + alerting on the ISO 27001 SIEM stack.
- Backups: daily and encrypted, with 35-day retention; geo-redundant copies for Enterprise.
- Incident response: 4-hour acknowledgement, named on-call.
Customer-facing assurance
For procurement / IT due-diligence, we share a Security Whitepaper, the latest ISO 27001 certificate, the most recent VAPT summary, our DPA template, and sub-processor list under NDA. Request via sales@proeffico.ai.
