Security is foundational to CoreLayerEngine. This page summarises how Ektasi Technology Private Limited protects your data. (It describes our practices and is not a warranty; see our Disclaimer.)
All card payments are processed on our providers' own hosted checkout pages (Stripe, Razorpay, Cashfree, Paddle, Lemon Squeezy). Card numbers never touch our servers, keeping us to the lowest PCI DSS scope (SAQ A). Webhooks are signature-verified.
X-Content-Type-Options, frame-deny, and other hardened headers.Least-privilege access, audit logging (including a tamper-evident approval chain), and database backups. We separate tenant data per account.
In-app tools let you export or erase a person's data (DSAR), manage consent, and control retention — see our Privacy Policy and DPA.
Found a vulnerability? Please email [email protected] with details and allow us reasonable time to remediate. We appreciate good-faith research and will not pursue researchers who act responsibly.
Multi-factor authentication, regional data residency, and independent attestations (SOC 2 / ISO 27001) are in progress.