Security & Trust

CoreLayerEngine — a proprietary product of Ektasi Technology Private Limited, Varanasi, India · Last updated 27 June 2026

Security is foundational to CoreLayerEngine. This page summarises how Ektasi Technology Private Limited protects your data. (It describes our practices and is not a warranty; see our Disclaimer.)

Data protection

Payments

All card payments are processed on our providers' own hosted checkout pages (Stripe, Razorpay, Cashfree, Paddle, Lemon Squeezy). Card numbers never touch our servers, keeping us to the lowest PCI DSS scope (SAQ A). Webhooks are signature-verified.

Application security

Access, logging & resilience

Least-privilege access, audit logging (including a tamper-evident approval chain), and database backups. We separate tenant data per account.

Privacy by design

In-app tools let you export or erase a person's data (DSAR), manage consent, and control retention — see our Privacy Policy and DPA.

Responsible disclosure

Found a vulnerability? Please email [email protected] with details and allow us reasonable time to remediate. We appreciate good-faith research and will not pursue researchers who act responsibly.

On our roadmap

Multi-factor authentication, regional data residency, and independent attestations (SOC 2 / ISO 27001) are in progress.

This document is provided for transparency and must be reviewed by qualified legal counsel before you rely on it. It is a starting template, not legal advice.
Questions: [email protected] · © 2026 CoreLayer Engine · Ektasi Technology Private Limited