DraftLC Logo

Security at DraftLC

At DraftLC, we prioritize the security and privacy of your trade finance data. Our platform is designed with industry-leading security practices to protect your sensitive information and ensure compliance with global standards.

Data Protection

  • Encryption: All data is encrypted both in transit using TLS and at rest using AES-256 encryption.
  • Access Controls: Strict server-side authorization ensures users can only access their own data.
  • Data Isolation: Strict server-side authorization ensures users can only access their own data.

Authentication & Authorization

  • Secure Login: Multi-factor authentication (MFA) is supported to enhance account security.
  • OAuth Integration: Support for Google Sign-In for secure and convenient login.
  • Secure Session Handling: User sessions are managed securely by Firebase, with automatic expiration to protect against unauthorized access.

Compliance & Standards

  • Regulatory Compliance: The platform is designed with features to help meet the principles of major data protection regulations, including GDPR (EU), the UK's Data Protection Act, California's CCPA, and India's Digital Personal Data Protection Act (DPDPA). We continuously monitor our obligations under these and other relevant frameworks.
  • Audit Trails: Comprehensive logging and audit trails for all user actions to support compliance and troubleshooting.
  • Data Retention Policies: Tier-based data retention policies with automatic cleanup to minimize data exposure.

Infrastructure Security

  • Cloud Security: Hosted on secure cloud infrastructure with regular security audits and vulnerability assessments.
  • Network Security: Firewalls, intrusion detection systems, and DDoS protection safeguard our network.
  • Backup & Recovery: Regular backups and disaster recovery plans ensure data availability and integrity.

User Responsibilities

  • Password Security: Users are encouraged to use strong, unique passwords and enable MFA.
  • Data Handling: Users should ensure that uploaded documents do not contain unnecessary sensitive information.

Incident Response

  • Monitoring: Continuous monitoring for suspicious activities and potential threats.
  • Response Plan: Established incident response procedures to quickly address and mitigate security incidents.

Contact Us

If you have any security concerns or questions, please contact our security team at security@draftlc.com.