Security Policy – SIONIQ
Last updated on: 26th February 2026
At Sioniq Tech Private Limited (“Sioniq”, “we”, “our”, or “us”), we are dedicated to implementing administrative, technical, and organizational safeguards designed to protect the confidentiality, integrity, and availability of data. This Security Policy outlines the security measures we follow to protect the information entrusted to us, and it applies to all services provided by Sioniq, including our cloud-based (SaaS) deployments and on-premises installations.
This Security Policy forms part of and is subject to the Terms of Use and any executed commercial agreement. In the event of conflict, the executed agreement shall prevail.
Scope of the Policy
This policy applies to:
- Sioniq Cloud (SaaS) services
- On-premises deployments and installations
- Customer-facing portals, applications, and interfaces
- Employees and authorized third-party partners
Data Security
We implement robust security controls to protect customer data:
- Encryption: All sensitive data is encrypted in transit using TLS/HTTPS protocols and at rest using industry-standard encryption algorithms.
- Password Protection: Customer passwords are hashed and stored securely, ensuring that they are never stored in plain text.
- Data Segregation: Customer data is logically segregated per user to ensure privacy and isolation across clients using our services.
Access Control
Sioniq enforces strict access controls to ensure that only authorized users have access to sensitive data:
- Role-Based Access Control (RBAC): Access to data and systems is granted based on defined roles and responsibilities.
- Principle of Least Privilege: Users are granted the minimum necessary access required for their job function.
- Multi-Factor Authentication (MFA): We support MFA to strengthen authentication processes and enhance security.
- Access Reviews: User access is reviewed periodically to ensure it aligns with business needs and security protocols.
Infrastructure Security
Our infrastructure is hosted on secure, resilient cloud environments, ensuring robust physical and network security:
- Firewalls & Intrusion Prevention: We deploy commercially reasonable firewall and intrusion detection mechanisms to protect against unauthorized access.
- Vulnerability Assessments: Regular vulnerability assessments are conducted to identify and mitigate potential risks.
Application Security
We adopt industry best practices to ensure that our applications remain secure:
- Secure Coding Standards: Our development teams follow secure coding practices to protect against common vulnerabilities.
- Code Reviews: Regular code reviews are conducted to identify and address potential security weaknesses.
Monitoring and Logging
To detect and respond to potential threats, we employ advanced monitoring and logging mechanisms:
- System and Application Logs: We maintain detailed logs of system and application activities, capturing critical actions for log purposes.
- Suspicious Activity Monitoring: We also monitor for any unusual or suspicious activity within our systems.
- Log Protection: Logs are secured and protected from unauthorized access to maintain their integrity.
- Penetration Testing: Periodic security assessments and testing may be conducted to evaluate system resilience.
Incident Response
Sioniq follows a comprehensive incident response procedure:
- Incident Logging & Investigation: All security incidents are promptly logged and investigated by our team.
- Mitigation & Containment: Immediate actions are taken to contain and mitigate any identified security incident.
- Customer Notification: Where required by applicable law or contract, affected customers will be notified of material security incidents without undue delay.
- Post-Incident Review: After an incident, corrective actions are taken to prevent similar events in the future, and the lessons learned are documented.
Backup and Disaster Recovery
Sioniq ensures that backup and disaster recovery procedures are in place to safeguard data:
- Cloud Backups: Backups are taken regularly for all cloud deployments to ensure data can be recovered if needed.
- Disaster Recovery: We maintain disaster recovery procedures to minimize downtime and protect against data loss.
- On-Premises Guidelines: Customers with on-premises installations are provided with best practices and guidelines for backup and recovery.
Employee Security
Sioniq’s commitment to security extends to our employees:
- Background Checks: Background checks are conducted on employees where permitted by law to ensure the trustworthiness of individuals handling sensitive data.
- Security Training: Employees receive ongoing awareness training to stay informed about emerging threats and best practices.
- Confidentiality Obligations: All employees are bound by confidentiality obligations to protect client data.
- Access Revocation: Upon termination of employment, employee’s access to Sioniq systems is revoked immediately.
Third-Party Security
Sioniq evaluates third-party vendors for security risks before sharing customer data:
- Vendor Evaluation: All third-party vendors undergo a thorough evaluation of their security posture.
- Security Requirements: We enforce minimum security requirements for third-party vendors and ensure customer data is shared only with authorized entities.
- Data Sharing: Customer data may be shared with authorized service providers or as required by law, in accordance with applicable agreements and the Privacy Policy.
Customer Responsibilities
Customers also play a vital role in securing their data:
- Password Management: Customers are responsible for maintaining strong passwords and securing user credentials.
- Access Control: Customers should ensure proper access control within their organization, limiting access to authorized personnel.
- On-Premises Security: Customers are responsible for securing their on-premises infrastructure to ensure it remains secure.
- For Customer-uploaded ERP data, SIONIQ acts as a service provider and does not determine the legality or accuracy of Customer data.
Limitation of Liability
Liabilities, if any, relating to security matters shall be governed by the limitation of liability provisions set forth in the applicable agreement or “Terms of Use” policy.
No Absolute Security Guarantee
While SIONIQ maintains robust safeguards, no system can guarantee absolute security. Customers acknowledge inherent risks associated with internet-based services.
Data Retention
Security logs and backups are retained for defined operational or compliance periods and securely disposed of thereafter.
Force Majeure
Security obligations are subject to force majeure provisions in the applicable agreement or “Terms of Use” policy.
Severability
If any portion of this Policy is deemed unenforceable, the remaining provisions of this policy shall remain in effect.
Policy Modifications
Sioniq reserves the right to amend or update this Policy at any time. Any changes will be published on the Company website. Material updates to this Policy will be reflected by a revised “Last Updated” date. Continued use of the ERP software or services or website constitutes acceptance of this policy.
Contact Information
For queries regarding billing, cancellations, or refunds, please contact Sioniq at info@sioniq.com
Governing Law
This Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising out of or relating to this Policy shall be subject to the jurisdiction of the courts in Hyderabad, Telangana.
Acknowledgment
By accessing or using Sioniq services, you acknowledge that:
- You have the authority to agree to these terms on behalf of your organization.
- You have read and understood this entire Policy.
- You agree to comply with all terms and conditions set forth herein.