Security
Our commitment to security and responsible disclosure
Our Security Philosophy
We build production data infrastructure for a living. Security is not bolted on at SIVARO — it is engineered into every system from day one. Our team has designed and operated systems processing 200K+ events per second across finance, analytics, and AI workloads.
Infrastructure Security
- All traffic encrypted in transit (TLS 1.3 minimum)
- Zero-trust network architecture with least-privilege access
- Cloudflare WAF and DDoS protection on all public endpoints
- All infrastructure managed as code — no manual configuration drift
- Encrypted secrets management (no plaintext credentials)
Data Protection
- Client data segregated by tenant with strict access controls
- Encryption at rest for all storage layers
- Data retention and destruction policies enforced via automation
- No client production data accessed without explicit authorization
Application Security
- Regular dependency scanning and patching
- HTTPS-only with HSTS headers
- X-Frame-Options: DENY, X-Content-Type-Options: nosniff, strict Referrer-Policy
- No cookies used for tracking beyond anonymous analytics
Vulnerability Disclosure
If you discover a security vulnerability on any SIVARO system, please report it responsibly. We investigate all legitimate reports promptly.
Contact: founder@sivaro.in
We ask that you:
- Provide sufficient detail to reproduce the issue
- Allow reasonable time for remediation before public disclosure
- Do not access or modify data beyond what is necessary to demonstrate the vulnerability
Contact
For security-related inquiries: founder@sivaro.in