Platform Security

Last Updated: January 1, 2025

Security Overview

Enterprise-Grade Protection

Tikle employs multiple layers of security to protect your data — from encrypted connections and hardened infrastructure to continuous monitoring and rigorous access controls.

End-to-End Encryption
Penetration Tested
24/7 Monitoring
Role-Based Access

01

Our Commitment to Security

Security as a Foundation

At Tikle, security is not an afterthought — it is built into every layer of our platform from the ground up. We are committed to protecting the confidentiality, integrity, and availability of all data that flows through our systems, whether it belongs to you, your organization, or the broader platform.

Continuous Improvement

The threat landscape evolves constantly. We continuously review, test, and improve our security controls to stay ahead of emerging risks. Our security program is reviewed at least annually and updated in response to new vulnerabilities, industry best practices, and regulatory guidance.

Shared Responsibility

Security is a shared responsibility between Tikle and our users. While we implement robust technical and organizational controls on our end, we also ask that users take reasonable steps to protect their own account credentials and report any suspicious activity promptly.

02

Data Protection & Encryption

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS 1.2 or higher). We enforce HTTPS across all Platform endpoints and use HTTP Strict Transport Security (HSTS) to prevent protocol downgrade attacks.

Encryption at Rest

Sensitive data stored in our databases and file systems is encrypted at rest using AES-256, an industry-standard encryption algorithm. Encryption keys are managed using dedicated key management services with strict access controls and automatic rotation policies.

Data Minimization

We collect and retain only the data necessary to operate the Platform. Data that is no longer needed for its original purpose is securely deleted or anonymized in accordance with our data retention schedules.

03

Access Controls

Role-Based Access Control

Access to internal systems and customer data is governed by a strict role-based access control (RBAC) model. Employees are granted the minimum level of access necessary to perform their job functions — a principle known as least privilege.

Multi-Factor Authentication

Multi-factor authentication (MFA) is enforced for all internal Tikle systems and is available to all Platform users. We strongly recommend that all users enable MFA on their Tikle accounts to add an additional layer of protection beyond their password.

Access Reviews

We conduct periodic access reviews to ensure that permissions remain appropriate as roles and responsibilities change. Access is revoked promptly upon employee offboarding or role changes.

Session Management

User sessions are protected with secure, time-limited tokens. Sessions are invalidated upon logout and expire automatically after periods of inactivity to reduce the risk of unauthorized access from unattended devices.

04

Infrastructure Security

Cloud Hosting

Tikle's infrastructure is hosted on industry-leading cloud providers that maintain rigorous physical and environmental security controls, including SOC 2 Type II and ISO 27001 certifications. Our cloud environments are isolated, regularly audited, and monitored 24/7.

Network Security

Our network architecture employs defense-in-depth principles including firewalls, network segmentation, intrusion detection systems (IDS), and Web Application Firewalls (WAF) to monitor and filter traffic for malicious activity.

DDoS Protection

We implement distributed denial-of-service (DDoS) mitigation at the network and application layers to maintain platform availability during volumetric attacks. Traffic anomaly detection triggers automated responses to absorb or filter attack traffic.

Vulnerability Management

We conduct regular automated and manual vulnerability scans across our infrastructure and application layers. Critical and high-severity vulnerabilities are prioritized and remediated within defined SLAs. Infrastructure is patched on a defined schedule, with out-of-cycle patches applied for critical zero-day vulnerabilities.

05

Application Security

Secure Development Lifecycle

Security is integrated throughout our software development lifecycle (SDLC). Our engineers follow secure coding guidelines, and all code changes undergo peer review before deployment. We incorporate security requirements from the design phase through production release.

Penetration Testing

We engage independent third-party security firms to conduct penetration tests on our platform and infrastructure on a regular basis. Findings are triaged, prioritized, and remediated by our engineering team. We believe external validation is essential for maintaining a robust security posture.

OWASP Top 10 Controls

Our application security program addresses the OWASP Top 10 vulnerability classes, including injection attacks, broken authentication, cross-site scripting (XSS), cross-site request forgery (CSRF), insecure direct object references, and security misconfiguration.

Dependency Management

We actively monitor third-party libraries and dependencies for known vulnerabilities using automated software composition analysis (SCA) tools. Vulnerable dependencies are updated or replaced in accordance with our patching policy.

06

Monitoring & Logging

24/7 Security Monitoring

Our infrastructure and applications are monitored around the clock using a combination of automated security information and event management (SIEM) tools and on-call security personnel. Anomalous behavior triggers real-time alerts for immediate investigation.

Audit Logging

We maintain comprehensive audit logs of user and system activity, including authentication events, data access, configuration changes, and administrative actions. Logs are tamper-resistant, retained for defined periods, and reviewed regularly for suspicious patterns.

Alerting & Response

Security alerts are routed to the appropriate team members based on severity. Our on-call rotation ensures that critical alerts are acknowledged and acted upon promptly, any time of day.

07

Incident Response

Incident Response Plan

Tikle maintains a documented incident response plan that defines roles, responsibilities, and procedures for identifying, containing, eradicating, and recovering from security incidents. The plan is reviewed and tested at least annually through tabletop exercises.

Breach Notification

In the event of a confirmed security incident that affects your personal data, we will notify affected users and relevant regulatory authorities within the timeframes required by applicable law. Notifications will include a description of the incident, the data involved, and the steps we are taking to address it.

Post-Incident Review

Following any significant security incident, we conduct a thorough post-mortem analysis to identify root causes, document lessons learned, and implement measures to prevent recurrence.

08

Third-Party & Vendor Security

Vendor Assessment

Before onboarding any third-party vendor that will have access to our systems or customer data, we conduct a security assessment to evaluate their controls, certifications, and compliance posture. Only vendors that meet our security standards are approved.

Contractual Obligations

All third-party service providers who handle personal data are required to sign data processing agreements (DPAs) that mandate appropriate security measures and limit their use of data to specified purposes.

Ongoing Oversight

We periodically reassess vendors to ensure they maintain acceptable security standards over time. Material changes in a vendor's security posture or compliance status trigger a formal review.

09

User Responsibilities

Strong Passwords

Use a strong, unique password for your Tikle account — one that is not reused across other services. We recommend using a password manager to generate and store complex credentials.

Enable MFA

We strongly encourage all users to enable multi-factor authentication in their account settings. MFA significantly reduces the risk of unauthorized access even if your password is compromised.

Protect Your Credentials

Never share your login credentials with others. Tikle staff will never ask for your password. If you receive a message requesting your credentials, treat it as a phishing attempt and report it to us immediately.

Reporting Suspicious Activity

If you notice any unusual activity on your account, or suspect that your credentials have been compromised, contact us immediately at info@tikle.in and change your password right away.

10

Vulnerability Disclosure

Responsible Disclosure Policy

We welcome and appreciate security researchers who responsibly disclose vulnerabilities in our platform. If you discover a security issue, please report it to us privately at info@tikle.in before disclosing it publicly. We ask for a reasonable amount of time to investigate and remediate the issue.

What to Include

When reporting a vulnerability, please include: a clear description of the issue, the steps required to reproduce it, the potential impact, and any supporting evidence such as screenshots or proof-of-concept code. The more detail you provide, the faster we can act.

Our Commitments

We will acknowledge your report within 3 business days, keep you informed of our progress, and notify you when the issue has been resolved. We will not pursue legal action against researchers who act in good faith in accordance with this policy.

11

Report a Security Issue

If you have discovered a potential security vulnerability or have a security concern about the Tikle platform, please contact our dedicated security team directly. Do not disclose vulnerabilities publicly before we have had the opportunity to address them.

Security Team

info@tikle.in

Response within 3 business days

General Contact

Contact Form

For all other security questions

Reminder: No security system is 100% impenetrable. While we implement industry-leading controls, we encourage all users to practice good security hygiene — use strong passwords, enable MFA, and report anything suspicious to our team.