Data Residency & Security Statement
EasyOTP (Operated by Braintech Corporation Private Limited)
Effective: August 2025
1. Introduction
This Data Residency & Security Statement outlines how EasyOTP (operated by Braintech Corporation Pvt. Ltd.) manages data storage, residency, and security controls across its global infrastructure. The purpose of this document is to provide transparency to Vendors and Users regarding where and how personal data is stored, processed, and protected.
2. Data Residency
EasyOTP ensures that personal data is stored in compliance with applicable data residency laws. We operate on a regional storage model as follows:
• United States (US): For data collected by or on behalf of U.S.-based Vendors and Users.
• European Union (EU): For data collected by or on behalf of EU/EEA Vendors and Users.
• India: For data collected by or on behalf of Indian Vendors and Users.
• Singapore: For data collected outside of India, EU, or US regions (Rest of World).
Data remains stored in the relevant regional infrastructure by default. Cross-border transfers only occur where permitted under law and are safeguarded by Standard Contractual Clauses (SCCs) or equivalent mechanisms.
3. Security Practices
EasyOTP applies industry-standard security practices, aligned with SOC 2 Type II and ISO 27001 frameworks, including:
• Encryption in transit (TLS 1.2+).
• Encryption at rest (AES-256).
• Role-based access controls with multi-factor authentication.
• Network segmentation and firewalling.
• Regular penetration testing and vulnerability assessments.
• Continuous monitoring and logging of security events.
• Incident response protocols with 24/7 escalation.
4. Data Access & Segregation
• Customer data is logically segregated to prevent unauthorized cross-customer access.
• Access to production data is restricted to authorized personnel with documented approval.
• All access is logged and auditable.
• Data retention is minimized based on legal, regulatory, and business needs.
5. Compliance Frameworks
EasyOTP ensures compliance with the following frameworks:
• GDPR (EU)
• DPDP Act (India)
• HIPAA (U.S. healthcare contexts)
• CCPA/CPRA (California, U.S.)
• PDPA (Singapore)
Independent audits, certifications, and third-party assessments support our commitment to compliance and security.
6. Subprocessors
EasyOTP may engage subprocessors (such as AWS, Google Cloud, or equivalent infrastructure providers) to deliver services. Subprocessors are contractually bound to meet or exceed EasyOTP’s security and data protection obligations. The current list of subprocessors is available at: https://easyotp.com/legal/subprocessors
7. Incident Response & Breach Notification
EasyOTP maintains an incident response plan that includes:
• 24/7 monitoring and escalation.
• Vendor and regulator notifications within legally mandated timeframes.
• Root cause analysis and corrective action implementation.
8. Updates to This Statement
EasyOTP may update this Statement from time to time to reflect changes in law, technology, or business practices. Vendors and Users will be notified of material changes.
9. Version Control
Version | Date | Description of Changes | Approved By
1.0 | Aug 2025 | Expanded Data Residency, Security Practices, Incident Response, and Subprocessors sections. | Legal/Compliance