HomeProductsAboutClientsSecurityContact
Version 2.0 — Effective April 2026

Security & Data Policy

MMG Infotech is committed to the highest standards of privacy, integrity, and confidentiality. We develop sensitive solutions for CBI, UP Police, Delhi Police, Telangana Police, Haryana Police, and MP Police.

🛡 VAPT Grade A
🔒 AES-256 Encrypted
⚖ DPDPA 2023 Compliant
01
🎯
Objective & Scope
  • Committed to highest standards of privacy, integrity, and confidentiality
  • Solutions deployed for CBI (4 offices), UP Police (12+ districts), Delhi Police, Telangana, Haryana, MP Police
  • Products handle investigation data, digital evidence, criminal case files, citizen grievances
  • Achieved VAPT Grade A (89%) certification
  • Operate own AI-powered VAPT platform — MMG CyberShield
02
🔒
Data Confidentiality & Non-Disclosure
  • Strict non-disclosure — all code, investigation records, evidence data kept strictly confidential
  • No disclosure to unauthorized third parties under any circumstances
  • All team members bound by internal NDAs
  • Highest data compartmentalization for CBI/Police data
  • Ready to sign formal NDAs with all partners
  • DPDPA 2023 compliant
03
🛡
Zero Trust Security Architecture
  • Never Trust, Always Verify: Every access request verified
  • MFA: Google Authenticator TOTP + OTP
  • No Implicit Trust: No user/device/network trusted implicitly
  • Micro-Segmentation: Resources segmented to limit lateral movement
  • Device Fingerprinting: Hardware-bound licensing
  • One-Device Policy: Prevents concurrent sessions
  • Anti-Tamper: Binary runtime protection in MMG-Plus
04
🔐
Encryption & Cryptographic Standards
  • Data at Rest: AES-256-CBC encryption
  • Data in Transit: SSL/TLS 1.2/1.3
  • VPN: WireGuard ChaCha20-Poly1305
  • License Codes: AES-256 + RSA-signed
  • Passwords: bcrypt with salt
  • Databases: Encrypted at rest and in transit
05
Secure Hosting & Infrastructure
  • Web Servers: Hardened IIS + Nginx with WAF
  • Deployment: PM2 cluster, zero-downtime
  • Firewall & IDS/IPS with honeypots
  • Kill Switch: Auto connection termination
  • GeoIP: India-only for government apps
  • Patch Management: Latest security patches
  • Backups: Daily encrypted, integrity verified
  • Session Isolation: Per-user CPU/Memory limits
06
🔑
Access Control & Authorization
  • RBAC: 14-tier role system
  • Least Privilege: Need-to-Know access
  • Audit Trails: Tamper-proof with checksums
  • Immutable Logs: 365-day retention, CSV/PDF export
  • IP Controls: Whitelist/blacklist
  • Sessions: 15-min timeout, device-bound, credential flushing
  • Brute-Force: 5-tier rate limiting + lockout
07
🛠
Application Security (Secure SDLC)
  • VAPT Grade A: 89% score
  • Own VAPT: MMG CyberShield — SAST, DAST, 5 AI red teams
  • OWASP Top 10 compliance
  • Secure Coding: Validation, CSRF protection
  • Code Reviews: Mandatory before production
  • 536+ automated tests
  • Dependency scanning for third-party vulnerabilities
  • Anti-Tamper + license heartbeat verification
08
🗃
Evidence & Sensitive Data Handling
  • Chain-of-custody protocols for all evidence data
  • Tamper-proof audit trails
  • Evidence compartmentalization
  • BNSS 2023 compliant data handling
  • BNSS 135(6) automated detention alerts
  • AI-powered fraud detection in case management
09
📡
VPN & Secure Communications
  • WireGuard ChaCha20-Poly1305 encryption
  • 100% self-hosted, Made in India, zero external APIs
  • DPDPA 2023 compliant
  • Device fingerprinting, max 2 devices/user
  • IDS + honeypots for threat detection
  • Kill switch for auto termination
  • GeoIP India-only blocking
  • 96/100 security score
10
Legal & Regulatory Compliance
  • Information Technology Act, 2000
  • IT (Reasonable Security) Rules, 2011
  • DPDPA 2023
  • BNSS 2023
  • GeM GTC/STC compliance
  • CIS, NIST, OWASP frameworks
11
🚨
Incident Response & Management
  • Immediate Response: Investigate, contain, remediate
  • Notification: Prompt to all stakeholders
  • RCA: Root cause analysis for every incident
  • Report: Timeline, impact, corrective actions
  • 24x7: 1-hour response for critical incidents
  • AI: Automated anomaly detection
12
🎓
Employee Security Awareness
  • Security orientation at onboarding
  • Periodic training sessions
  • Enhanced background verification for government data handlers
  • Clear desk and clear screen policies
  • No personal devices for production access
  • Internal NDAs signed by all team members
Declaration

We, MMG Infotech Private Limited, hereby declare that all above policies are actively implemented. As a 🏆 VAPT Grade A certified technology partner of CBI and multiple State Police departments, we understand the gravity of information security.

We are fully prepared to:

Gaurav Sharma
Director, MMG Infotech Pvt Ltd
CIN: U72200UP2021PTC142703
📞