Trust Center - Clepto.io | Security & Compliance

Our Commitment to Trust

At Clepto.io, we believe trust is earned through transparency, robust security practices, and unwavering commitment to data protection. This Trust Center provides comprehensive information about how we protect your data and maintain compliance with global privacy regulations.

Security & Compliance at a Glance

🌍

Multi-Jurisdictional Compliance

GDPR (EU) • DPDP Act (India) • Privacy Best Practices

🔐

Enterprise-Grade Security

AES-256 Encryption • TLS 1.2+ • Role-Based Access Control

📊

Full Audit Trails

Every workflow execution logged for 3 years minimum

🇪🇺

EU Data Residency

Primary data stored in EU • Optional EU-only processing

👁️

100% Sub-Processor Transparency

Complete visibility into all third-party providers

⚡

24-Hour Breach Notification

Rapid incident response and communication

Compliance Documentation

✓ Complete

Privacy & Cookie Policies

Comprehensive policies covering data collection, processing, and your rights under GDPR and Indian DPDP Act 2023.

📄 Privacy Policy How we collect and process your data 🍪 Cookie Policy Cookie usage and tracking technologies

✓ Complete

Sub-Processor Transparency

Complete list of all third-party service providers we use, including AI providers, hosting, and infrastructure.

🔗 Sub-Processors List Updated November 16, 2025 • 8 providers

Featured Providers:

Supabase (EU) - Database hosting with EU data residency
Hostinger (UK) - Website and application hosting
Mistral AI (France) - EU-only AI provider option
OpenAI, Anthropic, Google - AI language models with SCCs

📧 Available on Request

Data Processing Agreement (DPA)

GDPR-compliant Data Processing Agreement for clients, including EU Standard Contractual Clauses and comprehensive security measures.

✓ EU Standard Contractual Clauses (SCCs)

✓ Transfer Impact Assessments for US providers

✓ Security measures documentation (Annex II)

✓ Data subject rights assistance procedures

✓ Sub-processor management framework

✓ Incident response and breach notification

Request DPA

🚧 Roadmap

Security Certifications

We are working toward industry-standard security certifications as we scale.

●

Current (2025)

ISO 42001 framework-aligned practices • GDPR-ready infrastructure • Security best practices

○

2026 Target

ISO 27001 (Information Security) • ISO 42001 (AI Management Systems)

○

2027 Target

SOC 2 Type II (for US enterprise clients) • Annual penetration testing

Security Architecture

🔐 Data Protection

Hosting: Hostinger VPS (Ireland)
Database: PostgreSQL with encrypted storage on Hostinger VPS
Encryption in Transit: TLS 1.2/1.3 HTTPS (all connections encrypted)
Access Control: Role-based access controls
Authentication: Secure password requirements with bcrypt hashing
Backups: Regular encrypted backups by Hostinger

👥 Access Control

Role-Based Access (RBAC): Minimum necessary access
Multi-Factor Authentication: Required for admin access
Strong Passwords: 12+ characters, complexity requirements
Access Logging: All access to personal data logged

📊 Monitoring & Logging

Comprehensive Audit Logs: Every workflow execution tracked
Security Monitoring: 24/7 monitoring for anomalies
Log Retention: Minimum 3 years for compliance
Immutable Logs: Cannot be altered after creation

🔄 Business Continuity

Daily Backups: Automated, encrypted, geographically distributed
Disaster Recovery: RPO < 24 hours, RTO < 48 hours
Redundancy: Multi-availability zone architecture
Backup Testing: Monthly restoration tests

🛡️ Organizational Security

Security Training: Regular staff training on data protection
Confidentiality: All team members bound by NDAs
Incident Response: Documented procedures, 24-hour notification
Vendor Management: Security assessment of all sub-processors

🔍 Compliance Controls

Data Minimization: Collect only necessary data
Privacy by Design: Privacy built into workflow design
Data Retention: Automated deletion after retention period
Client Data Isolation: Multi-tenant architecture with separation

Your Data Rights

Under GDPR and Indian DPDP Act, you have comprehensive rights over your personal data.

📋

Right to Access

Request a copy of all personal data we hold about you

✏️

Right to Rectification

Correct any inaccurate or incomplete data

🗑️

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

📦

Right to Data Portability

Receive your data in machine-readable format

🚫

Right to Object

Object to processing based on legitimate interests

⏸️

Right to Restriction

Limit how we use your data in certain circumstances

Exercise Your Rights

To exercise any of these rights, contact us at:

privacy@clepto.io

We will respond within 30 days (GDPR) or as required by applicable law

International Data Transfers

We process data across multiple jurisdictions with appropriate safeguards.

🇮🇳 India

Our Location

Registered and headquartered in Pune, Maharashtra

→

🇪🇺 European Union

Primary Data Storage

Supabase (EU), Hostinger (UK), Mistral AI (France)

No Cross-Border Transfer

→

🇺🇸 United States

AI Providers (Optional)

OpenAI, Anthropic, Google (only if selected)

SCCs + TIA

Transfer Safeguards:

✓

Standard Contractual Clauses (SCCs)

EU Commission-approved contracts with all US providers

✓

Transfer Impact Assessments

Risk analysis for each US provider (Schrems II compliance)

✓

Encryption & Minimization

Data encrypted in transit, only necessary data transferred

✓

EU-Only Option Available

Clients can choose to use only EU-based providers (Mistral AI)

Incident Response

Our commitment to transparency includes rapid communication in case of security incidents.

1

Detection

Immediate identification through monitoring systems or reports

2

Containment

Stop the incident from spreading within minutes

3

Client Notification

Within 24 hours of becoming aware

4

Investigation

Root cause analysis and impact assessment

5

Authority Notification

Within 72 hours if required by GDPR

6

Remediation

Fix vulnerabilities and implement preventive measures

Report a Security Concern:

privacy@clepto.io

Questions About Trust & Security?

📧 Privacy Inquiries

Data protection, privacy rights, DPA requests

privacy@clepto.io

🔒 Security Questions

Security practices, compliance documentation

privacy@clepto.io

📋 Documentation Requests

DPA, security questionnaires, audit reports

privacy@clepto.io

CLEPTO.IO SERVICES PRIVATE LIMITED

CIN: U62013PN2025PTC248011

SNO.107-108, PT-B, ROSEWOOD, SFL-J-603, PIMPLE SAUDAGAR
Sangavi, Pune-411027, Maharashtra, India

🔒 Trust Center

Our Commitment to Trust

Security & Compliance at a Glance

Multi-Jurisdictional Compliance

Enterprise-Grade Security

Full Audit Trails

EU Data Residency

100% Sub-Processor Transparency

24-Hour Breach Notification

Compliance Documentation

Privacy & Cookie Policies

Sub-Processor Transparency

Featured Providers:

Data Processing Agreement (DPA)

Security Certifications

Security Architecture

🔐 Data Protection

👥 Access Control

📊 Monitoring & Logging

🔄 Business Continuity

🛡️ Organizational Security

🔍 Compliance Controls

Your Data Rights

Right to Access

Right to Rectification

Right to Erasure

Right to Data Portability

Right to Object

Right to Restriction

Exercise Your Rights

International Data Transfers

🇮🇳 India

🇪🇺 European Union

🇺🇸 United States

Transfer Safeguards:

Incident Response

Detection

Containment

Client Notification

Investigation

Authority Notification

Remediation

Questions About Trust & Security?

📧 Privacy Inquiries

🔒 Security Questions

📋 Documentation Requests

CLEPTO.IO SERVICES PRIVATE LIMITED

Request a Consultation

Thanks — we've got your request

Join Our Newsletter