Security & Trust

At Dview, security is not an afterthought — it is foundational to everything we build. As a cloud data platform processing sensitive enterprise data for banks, NBFCs, AMCs, and fintechs, we maintain the highest standards of data protection, infrastructure security, and operational resilience.

This Security & Trust Center outlines our security architecture, compliance posture, and the measures we take to protect your data. We are committed to transparency and welcome security inquiries from current and prospective customers.

Cloud Infrastructure

Dview is deployed on enterprise-grade cloud infrastructure with SOC 2 Type II certified data centers. Our architecture leverages multi-region redundancy, auto-scaling compute, and isolated tenant environments to ensure availability and performance.

• Multi-region deployment with automatic failover for high availability.
• Isolated compute and storage environments per tenant (no noisy neighbors).
• Network segmentation with VPC isolation and private subnet architecture.
• DDoS protection and Web Application Firewall (WAF) at all ingress points.
• Continuous vulnerability scanning and automated patch management.

Data Encryption

All data is encrypted using industry-standard algorithms both at rest and in transit. We use AES-256 for data at rest and TLS 1.3 for data in transit. Encryption keys are managed via a hardware security module (HSM) backed key management service.

Dview implements a defense-in-depth approach to access control, ensuring that only authorized users and systems can access your data.

• Role-Based Access Control (RBAC) with fine-grained permissions at workspace, project, and dataset levels.
• Multi-Factor Authentication (MFA) enforcement for all user accounts.
• Single Sign-On (SSO) support via SAML 2.0 and OIDC (Okta, Azure AD, Google Workspace).
• Just-in-Time (JIT) access elevation with automatic expiration.
• Comprehensive audit logging of all user and system actions.
• Session management with automatic timeout and device fingerprinting.

Dview maintains a robust compliance program aligned with global standards and industry-specific regulations. We undergo regular third-party audits and assessments to validate our security posture.

• SOC 2 Type II — Security, Availability, and Confidentiality trust services criteria.
• ISO/IEC 27001:2022 — Information Security Management System (ISMS) certification.
• GDPR — Full compliance with EU General Data Protection Regulation for data subject rights.
• CCPA — California Consumer Privacy Act compliance for California residents.
• India DPDP Act 2023 — Compliance with India's Digital Personal Data Protection Act.
• RBI Guidelines — Adherence to Reserve Bank of India cybersecurity frameworks for financial institutions.
• SEBI Regulations — Alignment with Securities and Exchange Board of India data governance requirements.

Beyond technical security, Dview implements comprehensive data governance policies that ensure your data is handled responsibly throughout its lifecycle.

• Data residency options — choose where your data is stored and processed.
• Automated data classification and tagging for sensitive information.
• Data retention policies with configurable retention periods and automated deletion.
• Right to deletion — request complete erasure of your data within 30 days.
• Data portability — export your data in standard formats at any time.
• No data monetization — we never sell, rent, or trade your data.

Dview maintains a 24/7 Security Operations Center (SOC) with real-time monitoring, automated threat detection, and rapid incident response capabilities.

• 24/7 security monitoring with SIEM integration and real-time alerting.
• Automated intrusion detection and anomaly detection across all infrastructure layers.
• Defined incident response procedures with clear escalation paths and communication protocols.
• Quarterly penetration testing by independent third-party security firms.
• Annual red team exercises to validate detection and response capabilities.
• Bug bounty program to encourage responsible disclosure from the security community.

We carefully evaluate and monitor all third-party vendors and integrations to ensure they meet our stringent security requirements.

• Vendor security assessments before onboarding any third-party service.
• Annual security reviews of all critical vendors and sub-processors.
• Contractual security requirements in all vendor agreements.
• Continuous monitoring of third-party security postures via external ratings.

Dview maintains comprehensive business continuity and disaster recovery plans to ensure service availability and data protection in the event of a disruption.

• Automated backups with point-in-time recovery capability (RPO < 1 hour).
• Multi-region disaster recovery with automated failover (RTO < 4 hours).
• Regular disaster recovery drills and tabletop exercises.
• Documented business continuity plans with clear roles and responsibilities.

We welcome security inquiries, vulnerability reports, and compliance questions. Our security team is available at:

• Security Email: security@dview.io
• Bug Bounty: security@dview.io (please include "Bug Bounty" in the subject)
• General Inquiries: connect@dview.io

For responsible disclosure, we commit to acknowledging reports within 48 hours and providing updates on remediation status. We do not pursue legal action against security researchers who act in good faith.