All data in transit is protected using TLS 1.2 / 1.3. Sensitive data at rest (including backups and certain personal identifiers) is encrypted using industry-standard algorithms (for example, AES-256).

We do not store raw payment card numbers on our platform. Payment information is handled by our PCI-compliant payment partners (for Razorpay).

Our services are hosted on secure cloud infrastructure with hardened servers, automated patching, and network isolation. We use firewalls, DDoS protection, and monitoring to maintain availability.

We choose reputable cloud providers and implement least-privilege access and strong network segmentation for production systems.

We perform regular automated backups with encrypted storage and geo-redundancy. Backups are retained according to our data retention policy and can be used to restore service in the event of data loss.

Restore drills and recovery tests are performed periodically to ensure business continuity.

Access to the Hubsoft merchant dashboard and APIs is protected by password-based authentication and optional Multi-Factor Authentication (MFA) where available. We follow least-privilege principles for user roles and internal staff accounts.

We recommend enabling MFA and using unique, strong passwords for all accounts.

All card and payment processing is carried out via PCI-DSS-compliant payment processors. Hubsoft never stores full card numbers, CVV codes, or other sensitive card data on our servers.

Transaction records and payment statuses are stored for reconciliation and reporting. Fees and settlement details are subject to the payment provider's policies.

Merchant data is logically separated. Each merchant sees only their own customers, orders, and invoices unless the merchant explicitly exports or shares data. Global identifiers (like a phone number) are used to avoid duplicate customer records while preventing unauthorized cross-merchant data exposure.

We implement strict authorization checks in APIs and the dashboard to ensure tenants are isolated.

We collect logs for security monitoring, audit trails, and troubleshooting. Security alerts are monitored 24/7 and we have an incident response plan that includes containment, investigation, and notification.

If a data breach affecting personal data is confirmed, we will notify affected parties and authorities as required by law.

We retain merchant and customer data while the account is active and for a limited period after account termination for legal and operational reasons. Merchants may request export or deletion of their data; deletion requests are processed following verification.

Contact info@hubsoft.in to request data export or deletion.

We use third-party providers for payments, messaging (SMS/WhatsApp), analytics, and hosting. These providers may process data on our behalf. We choose reputable partners and require appropriate data protection measures in contracts.

A list of our primary third-party providers is available on request.

Access to production systems is restricted to authorized employees. Staff undergo security awareness training and background checks where applicable. We use role-based access and enforce strong authentication for internal tools.

Hubsoft strives to meet applicable industry standards and legal requirements. For payment processing we rely on our payment partners' compliance (e.g., PCI-DSS). For regional data protection laws, we follow local guidance and update policies when required.

If you need specific compliance documentation (SOC reports, data processing addendum), please contact our support team.

If you discover a potential security vulnerability or breach, please notify us immediately at info@hubsoft.in with details. Provide reproduction steps, affected accounts (if known), and any relevant logs or screenshots.

We value responsible disclosure and will acknowledge your report promptly.