Enterprise-Grade Security Infrastructure
GateFlux is designed with infrastructure-level security principles. Your community's data deserves the highest level of protection.
Infrastructure-Level Security
Comprehensive security measures designed to protect your community's data and ensure regulatory compliance.
End-to-End Encryption
All data is encrypted in transit using TLS 1.3 and encrypted at rest. Your sensitive information is protected at every stage.
- End-to-end encryption in transit
- Secure cloud-hosted infrastructure
- Encrypted backups
- Strict access policies
Role-Based Access Control
Each user operates within clearly defined permissions. No cross-role privilege exposure.
- Residents
- Security Personnel
- Committee Members
- Administrators & Vendors
Audit & Traceability
Every critical action is logged with complete audit trail visibility.
- Visitor approvals
- Financial transactions
- Role modifications
- System configuration changes
Secure Cloud Infrastructure
Hosted on enterprise-grade cloud infrastructure with database isolation per community.
- Database isolation per community
- Secure cloud-hosted infrastructure
- Multi-region deployment
- 24/7 monitoring
Data Isolation
Each community's data is completely isolated. No data mixing or cross-contamination possible.
- Dedicated database per community
- Isolated storage
- Separate encryption keys
- Independent backups
Backup & Disaster Recovery
Automated backups with redundancy mechanisms and business continuity design.
- Automated backups
- Redundancy mechanisms
- Recovery planning
- Business continuity design
SOC 2 Trust Service Criteria
GateFlux is architected around the AICPA SOC 2 framework. Our controls address all five Trust Service Criteria relevant to residential management platforms.
Logical & Physical Access
Granular RBAC with capability-based permissions per role. TOTP two-factor authentication enforced for admin accounts. Secure cookies, CSRF tokens, and 30-minute idle session timeout.
System Monitoring
Immutable audit logs with SHA-256 checksums covering all critical actions. Structured logging via Loki/Elasticsearch with Slack and Sentry alerting. 90-day security-channel retention.
Change Management
Deployments follow a structured pipeline with code review, staging validation, and release notes before production rollout.
Availability
99.9% uptime SLA backed by redundant cloud infrastructure, automated failover, and 24/7 health monitoring across database, Redis, queue, and storage layers.
Confidentiality
Secrets encrypted with AES-256-CBC. Passwords hashed with bcrypt. Tenant data isolated per-database — cross-community access is architecturally impossible.
Privacy
Audit log retention by action severity (1–3 years). Data minimisation enforced in collection. Soft-delete with anonymisation workflow implemented for GDPR Art. 17 (right to erasure) compliance.
GDPR Data Protection Compliance
GateFlux processes personal data of residents, visitors, and staff in accordance with GDPR principles — transparency, minimisation, and individual rights.
Data Minimisation
Only data necessary for community operations is collected. Sensitive fields (passwords, 2FA secrets) are masked in audit trails. No third-party data sharing for advertising.
Lawful Basis
Processing based on contractual necessity (community membership agreement) and legitimate interest (gate security, visitor management, financial billing).
Transparency
Privacy policy disclosed at onboarding covering what data is collected, how it is used, retention periods, and who can access it.
Right to Erasure
Soft-delete with personal data anonymisation workflow for departed residents. Audit log entries for compliance are preserved but personal identifiers are removed on request.
Data Portability
Authorized admins can export resident profiles, visitor history, complaints, and financial records in JSON/CSV formats on request.
Security of Processing
AES-256-CBC encryption for secrets, bcrypt-hashed passwords, OWASP security headers, rate limiting, input sanitisation, and immutable audit logs with checksum verification.
Data Processing Agreement (DPA)
Enterprise customers can request a signed DPA covering sub-processor lists, data retention schedules, breach notification obligations, and standard contractual clauses (SCCs) for cross-border transfers.
Digital Personal Data Protection Act Compliance
GateFlux is purpose-built for Indian residential communities. As a Data Processor, GateFlux supports society committees (Data Fiduciaries) in fulfilling their obligations under India's DPDP Act, 2023.
Consent & Lawful Basis
Residents provide explicit, informed consent at onboarding. Consent is specific to purpose (gate security, billing, governance). Withdrawal triggers the S.12 erasure workflow.
Notice to Data Principal
Privacy notice at registration covers data categories, purpose, retention period, and how to exercise rights — available in English and Hindi.
Data Fiduciary Obligations
GateFlux maintains data accuracy, implements security safeguards, and deletes personal data once purpose is fulfilled or consent withdrawn (resident offboarding workflow).
Children's Data
Accounts for users under 18 require parental/guardian consent before activation. Behavioural profiling is disabled for minors.
Rights of Data Principal
Data principals can request a full personal data export (S.11) and submit erasure requests (S.12) directly from the app. Requests are processed within 30 days.
Grievance Redressal
Designated Grievance Officer reachable at privacy@gateflux.co. Grievances acknowledged within 48 hours and resolved within 30 days.
Breach Notification
Data breaches are reported to the Data Protection Board of India (DPBI) within 72 hours, and affected Data Principals are notified without undue delay.
Data Retention & Deletion
Personal data retained only for its stated purpose. Automated retention schedules enforce deletion. Audit records follow regulatory retention periods.
Right to Nominate
Residents will be able to designate a nominee to exercise data rights on their behalf after death or incapacity — currently in development.
Grievance Officer — DPDP Act 2023
Residents and data principals can raise grievances with our designated officer. Responses within 48 hours · Resolution within 30 days.
Enterprise-Class Infrastructure
GateFlux runs on world-class cloud infrastructure designed for reliability, scalability, and security. Our architecture ensures your community never experiences downtime.
99.9% Uptime SLA
Guaranteed availability with automatic failover and redundant systems.
Multi-Region Deployment
Data centers across multiple regions for low latency and compliance.
24/7 Monitoring
Round-the-clock system monitoring with automated alerts and response.
Granular Role-Based Permissions
Every user type has precisely defined access levels. Customize roles to match your community's organizational structure and ensure data access is strictly controlled.
Continuous Security Commitment
Security is not a feature—it's a continuous process. We maintain rigorous security practices to keep your data safe.
- Regular penetration testing by third-party security firms
- Continuous vulnerability scanning and patching
- Security awareness training for all employees
- Incident response procedures with defined SLAs
- Code review and security audits before deployment
- Bug bounty program for responsible disclosure
Have Security Questions?
Our security team is ready to discuss your specific requirements. Request a security briefing or download our detailed security whitepaper.