01
Our Commitment
Security is a core part of how we operate, not a compliance checkbox. We hold ourselves to a high standard because our clients trust us with their financial lives. That trust has to be earned and maintained every day.
We continuously review and improve our security practices as threats evolve and as our business grows.
02
Infrastructure and Hosting
We use reputable, enterprise-grade cloud infrastructure to store and process client data. Our infrastructure standards include:
- Data hosted on secure, access-controlled cloud servers
- All data in transit encrypted using TLS (Transport Layer Security)
- All data at rest encrypted using industry-standard encryption protocols
- Regular infrastructure monitoring and vulnerability assessments
- Automated backups to ensure data recovery in the event of a failure
03
Access Controls
Not everyone at Initium needs access to every client's data. We apply a strict principle of least privilege, meaning each team member only has access to the information they need to do their job.
Our access control measures include:
- Role-based access assigned by function and client relationship
- Multi-factor authentication (MFA) required for all internal systems
- Unique login credentials for every team member, with no shared passwords
- Access logs maintained and reviewed regularly
- Immediate revocation of access when a team member leaves or changes role
04
Data Handling Practices
We treat your financial data with the same discretion you would expect from a trusted CA or CFO.
- Client data is used only for the purpose of delivering agreed services
- Data is never sold, shared, or used for any purpose outside the engagement
- Sensitive information such as PAN, Aadhaar, bank details, and tax credentials is handled within secure, authenticated channels only, never through public forms or unencrypted email
- Internal communication involving client data follows documented data-handling protocols
05
Employee Practices
Security is only as strong as the people behind it. All Initium team members are trained on data security and held to clear internal standards.
- Mandatory data security awareness as part of onboarding
- Clear internal policies on handling, storing, and sharing client information
- Prohibition on use of personal devices or unsecured networks for accessing client data
- Confidentiality obligations binding all employees and contractors
06
Vendor and Third-Party Security
When we use third-party tools or service providers that interact with client data, we apply the same rigour to them as we do to our own systems.
- We only engage vendors who meet our security and confidentiality standards
- All third-party tools that process client data are reviewed before use
- Data processing agreements are in place with relevant service providers
- We maintain an up-to-date list of tools and platforms used in our service delivery
07
Incident Response
Despite best efforts, no system is entirely risk-free. In the unlikely event of a security incident, we have a clear response process in place.
- Immediate containment and assessment of the incident
- Notification to affected clients as soon as practically possible
- Root cause analysis and corrective action
- Reporting to relevant regulatory authorities where required under Indian law
We believe in transparency. If something goes wrong that affects your data, we will tell you.
08
Your Responsibilities
Security is a shared responsibility. As a client or website visitor, you can also take steps to protect your data when working with us.
We encourage you to:
- Keep your login credentials and any shared access details confidential
- Use strong, unique passwords for any client portals or tools we share access to
- Notify us immediately if you suspect any unauthorised access to your account or shared information
- Avoid sharing sensitive information over unencrypted channels such as plain email or SMS where possible
09
Regulatory Compliance
Initium operates in accordance with applicable Indian data protection and regulatory frameworks, including:
- The Digital Personal Data Protection Act (DPDPA), 2023
- Applicable provisions of the Information Technology Act, 2000
- Relevant guidelines issued by the Reserve Bank of India (RBI) and other statutory bodies where applicable
Our practices are reviewed periodically to ensure continued compliance as regulations evolve.
10
Contact for Security Concerns
If you have a security concern, believe you have identified a vulnerability on our website, or want to report a suspected incident, please contact us directly. We take all security reports seriously and will respond promptly.