Loading
Legal — Security
How we protect the udaantechnologies.com website, your data, and the systems that serve you.
Last updated: July 6, 2026Security is not an afterthought at Udaan Technologies — it is designed into every layer of this website, from the infrastructure we run on to the way we handle form submissions. We apply the principle of least privilege throughout: every system and every team member has exactly the access they need and nothing more.
This page describes the concrete measures in place on udaantechnologies.com. It is intentionally specific so that clients, partners, and researchers can understand our security posture without needing to ask.
Our website and serverless functions are hosted on Vercel, a platform that holds SOC 2 Type II and ISO 27001certifications. Vercel’s edge network handles DDoS mitigation, TLS termination, and certificate management automatically at the platform level.
Our database runs on Supabase, which is also SOC 2 Type II certified. All data stored in Supabase is encrypted at rest using AES-256.
Strict-Transport-Security header is set with a max-age of one year (31 536 000 seconds), instructing browsers to always use HTTPS for this domain.Every API endpoint and every form submission goes through multiple layers of application-level protection:
Origin and Referer headers against an allowlist. Requests from unknown origins are rejected before any processing occurs.429 Too Many Requests response.camera=(), microphone=(), geolocation=().We collect only what is necessary to deliver our services and respond to enquiries. Here is how that data is handled:
Access to production systems and sensitive configuration is tightly controlled:
We welcome reports from security researchers. If you discover a vulnerability on udaantechnologies.com, please tell us before disclosing it publicly — we will investigate promptly and take corrective action.
How to report: Send an email to info@udaantechnologies.com with the subject line Security Report. Please include:
We commit to the following:
We design our data practices to meet the requirements of the jurisdictions we operate in and serve clients from:
For general security questions, vulnerability reports, or data-related enquiries, please contact us:
All security reports are treated with highest priority and will receive a response within 24 hours.