Security is foundational at Unotag. Our customers process payouts of ₹100+ Cr per month through our platform. We engineer, audit and operate the service to enterprise-grade standards.
The Unotag platform runs on AWS Mumbai (ap-south-1) with active-active multi-AZ deployment. Production environments are isolated from staging and development; access is gated through least-privilege IAM, hardware MFA and audited bastion hosts.
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Sensitive fields (PAN, bank, Aadhaar last-4) are encrypted at the application layer with AWS KMS-managed keys. Backups are encrypted, geo-redundant and tested quarterly.
SAST and DAST scans run on every release. Quarterly third-party penetration tests cover web, mobile and API surfaces. Bug-bounty program live since 2023 — disclosure to security@unotag.com.
24×7 SOC monitoring, AWS GuardDuty, anomaly detection on payout rails, role-based access control, and quarterly access reviews. All employees undergo background verification and annual security training.
RPO 15 min · RTO 1 hour. Tabletop disaster-recovery exercises run quarterly. Multi-region failover capability for the payout rail is hot-standby in AWS Hyderabad (ap-south-2).
Security incidents are triaged within 1 hour and customers materially impacted are notified within 24 hours per their MSA. For verified vulnerabilities or active incidents, write to security@unotag.com.