Infrastructure security
Byld360 runs on managed cloud infrastructure with physical security, redundant power and environmental controls operated by tier-one providers. Application workloads are isolated from each other and from operator tooling at the network and identity layers.
Data security
Data is encrypted in transit using TLS and at rest using provider-managed envelope encryption. Object storage for evidence files uses signed, time-limited URLs. Credentials are stored as salted, irreversible hashes.
Authentication
Sign-in supports email-and-password and supported OAuth providers. Sessions use short-lived tokens with refresh rotation. Suspicious sign-in patterns trigger additional verification.
Role-based permissions
Every record is scoped by organisation, project and role. Database row-level security enforces these scopes server-side so the protection holds even if the UI is bypassed.
Audit logs
Sensitive actions — role changes, exports, deletions, approvals — are recorded to an append-only audit log. Administrators can review activity for their organisation from within the product.
Continuity system
Drafts and in-progress work are preserved locally so that connectivity loss on site does not destroy operational input. When the device reconnects, queued operations sync with conflict handling.
Backups
Primary databases are backed up continuously with point-in-time recovery and daily full snapshots retained per the documented rotation. Restores are tested periodically.
Encryption
- TLS 1.2+ for all client-to-server traffic.
- Encryption at rest for primary databases and object storage.
- Secrets stored in a managed secrets service, never in source.
Engineering practices
- Two-person code review on all production changes.
- Automated dependency vulnerability scanning.
- Pre-deploy checks for typing, linting and tests.
- Production access on a least-privilege, time-bound basis.
Incident response
We maintain an incident response playbook covering detection, triage, containment, remediation and customer communication. Customers materially affected are informed without undue delay.
Responsible disclosure
If you believe you have found a security issue, please write to contact@shatakinfotech.com with reproduction steps and your contact details. Please do not publicly disclose the issue until we have had a reasonable chance to investigate and remediate. We will acknowledge receipt within two business days.
Report a security issue
We welcome reports from researchers and customers. Write to contact@shatakinfotech.com with steps to reproduce. Please do not test against other customers' data.
Byld360 is a software product and venture of SHATAK Infotech Pvt. Ltd.. For questions about this document, contact contact@shatakinfotech.com.
