Data Security

This page summarizes how Vibos Technologies Pvt. Ltd. ("VIBOS") thinks about data security and confidentiality in the context of virtual business operations and outsourcing. It is intended for business and technical stakeholders evaluating VIBOS as a partner.

Specific security measures, controls evidence, audit rights, breach notification timelines, and subprocessors are typically documented in client agreements, security questionnaires, and (where applicable) data processing agreements. This overview does not replace those documents.

Secure outsourcing requires alignment on both sides. Clients are responsible for provisioning access correctly (least privilege, timely offboarding, MFA where supported), classifying data appropriately, and following their own regulatory and carrier obligations. VIBOS is responsible for operating disciplined internal practices and following agreed contractual requirements when performing services.

We emphasize people and process, not tools alone:

• Role-based access: team members receive access only to client systems and data needed for assigned work
• Confidentiality expectations for staff and contractors, reinforced through onboarding and ongoing awareness
• Change management for production access and privileged accounts where applicable
• Vendor and tool evaluation with security and privacy in mind for our own stack

Exact controls vary by engagement, but our baseline approach commonly includes practices such as:

• Secure workstations and endpoint hygiene expectations for remote delivery teams
• Use of approved communication and file-sharing channels rather than uncontrolled personal accounts
• Strong authentication where client systems support it (for example, MFA on email, AMS, and CRM)
• Segregation between client environments where multiple clients are supported
• Logging and monitoring of our internal systems as appropriate to detect misuse or anomalies
• Backups and recovery planning for VIBOS-managed systems (client-owned systems remain governed by the client)

We do not guarantee that any specific tool, certification, or control applies to every engagement unless documented in writing for that engagement.

Many VIBOS clients operate in insurance, lending, or adjacent regulated sectors. We understand that carrier rules, privacy laws, and internal compliance programs impose expectations on who can see what, how data is stored, and how incidents are reported. We work within client-defined policies and tool configurations and can complete reasonable security questionnaires as part of vendor due diligence.

Delivery is primarily remote from India, with collaboration across approved tools. Data may be processed in India and in regions where our clients' systems or our subprocessors are hosted. Cross-border transfers, if required, should be addressed in your agreement with us and, where applicable, standard contractual clauses or equivalent safeguards.

If we become aware of a security incident that materially affects personal data or client confidential information within our responsibility, we will notify affected clients in accordance with contractual commitments and applicable law. Clients should notify us promptly if they suspect unauthorized access related to accounts or integrations we use on their behalf.

Information collected through our public website (forms, newsletter, analytics) is handled as described in our Privacy Policy. Website hosting and form processing may rely on subprocessors; details can be provided on request for procurement reviews.

Retention of client operational data follows the schedules and instructions in your contract or documented operating procedures. Upon contract end, we cooperate on return or secure deletion of VIBOS-held copies as agreed, subject to legal hold or statutory retention requirements.

To keep engagements secure, we may request that you:

• Provide role-appropriate accounts rather than shared passwords
• Enable MFA and SSO where available
• Define approved tools for messaging, documents, and screen sharing
• Notify us when team members who had access leave your organization
• Share incident or phishing reporting channels so we can coordinate quickly

For security questions related to a prospective or active engagement, contact your VIBOS representative or reach us through the Contact page. For general legal terms of website use, see our Terms of Service.

This page describes practices at a high level and is not an audit report, certification, or legal guarantee. Compliance requirements differ by jurisdiction and industry; your counsel and risk team should validate fit for your program.