NDA & Security

Enterprise-Grade Security & Ironclad Confidentiality Commitments

Effective Date: April 20, 2026

At Vantrix Global, we understand that when you outsource business processes, you're entrusting us with your most sensitive information — customer data, financial records, intellectual property, and trade secrets. We take this responsibility with the utmost seriousness.

This document outlines our Non-Disclosure Agreement (NDA) terms and comprehensive Security Framework designed to protect your data with military-grade safeguards.

Our Commitment: Your confidential information is protected by contractual, technical, and organizational measures that exceed industry standards. We treat your data as if it were our own — because your success is our success.

1. Non-Disclosure Agreement (NDA)

1.1 Mutual Confidentiality Obligation

Both Vantrix Global and Client agree to:

  • Keep all confidential information strictly confidential
  • Use confidential information only for the purpose of service delivery
  • Not disclose to any third party without prior written consent
  • Protect confidential information with the same degree of care as its own proprietary information (minimum: reasonable care)

1.2 Definition of Confidential Information

Confidential Information includes, but is not limited to:

  • Business Information: Business plans, strategies, financial data, customer lists, pricing, vendor agreements
  • Technical Information: Software, algorithms, source code, technical specifications, system architecture
  • Operational Data: Processes, workflows, SOPs, training materials, performance metrics
  • Customer/Employee Data: Names, contact details, transaction history, employment records
  • Intellectual Property: Trademarks, patents, copyrights, trade secrets, know-how
  • Marketing Information: Campaign strategies, market research, promotional plans

1.3 Exclusions from Confidentiality

Information is NOT confidential if it:

  • Was publicly available at the time of disclosure or becomes publicly available through no fault of the receiving party
  • Was already known to the receiving party without confidentiality restriction
  • Is independently developed by the receiving party without reference to confidential information
  • Is lawfully obtained from a third party without confidentiality obligations
  • Must be disclosed by law, court order, or government authority (with prior notice to the disclosing party)

1.4 Employee & Contractor NDAs

Vantrix Global ensures:

  • All employees sign individual NDAs before accessing Client data
  • Contractors and temporary staff sign equivalent confidentiality agreements
  • NDAs remain in effect during and after employment
  • Violation of NDA is grounds for immediate termination and legal action

1.5 Duration of Confidentiality

  • During Service Period: Full confidentiality in effect
  • Post-Termination: Confidentiality obligations continue for 5 years after termination
  • Trade Secrets: Protected indefinitely for as long as information remains a trade secret

1.6 Remedies for Breach

In the event of NDA breach:

  • Immediate Injunction: Client may seek immediate injunctive relief
  • Damages: Breaching party liable for all direct and consequential damages
  • Legal Costs: Breaching party pays prevailing party's legal fees
  • Termination: Client may terminate service agreement immediately without penalty

2. Data Security Framework

Vantrix Global implements a multi-layered security approach aligned with ISO 27001:2013 standards:

Physical Security

24/7 monitored facilities, biometric access, CCTV surveillance, secure server rooms

Access Control

Role-based access (RBAC), multi-factor authentication, least privilege principle

Encryption

AES-256 at rest, TLS 1.3 in transit, encrypted backups, secure key management

Network Security

Firewalls, IDS/IPS, DDoS protection, network segmentation, VPN access

Monitoring

24/7 SOC, real-time alerts, anomaly detection, security incident response

Data Backup

Daily encrypted backups, 99.9% recovery SLA, geo-redundant storage

3. Technical Security Measures

3.1 Infrastructure Security

Data Centers

  • Tier III or higher certified data centers in India
  • ISO 27001, SOC 2 certified facilities
  • 99.95% uptime SLA
  • Redundant power, cooling, and network connectivity
  • Disaster recovery sites for business continuity

3.2 Application Security

Secure Development

  • OWASP Top 10 vulnerability testing
  • Secure coding practices and code reviews
  • Regular penetration testing (quarterly)
  • Vulnerability scanning and patch management
  • Web Application Firewall (WAF) protection

3.3 Data Encryption

Data State      | Encryption Method                 | Key Management
----------------|-----------------------------------|-----------------------------
Data at Rest    | AES-256                           | AWS KMS / Azure Key Vault
Data in Transit | TLS 1.3                           | Certificate-based (SHA-256)
Database        | Transparent Data Encryption (TDE) | HSM-protected keys
Backups         | AES-256                           | Separate encryption keys
Email           | S/MIME or PGP                     | Public key infrastructure

3.4 Access Management

Identity & Access Control

  • Multi-Factor Authentication (MFA): Mandatory for all system access
  • Role-Based Access Control (RBAC): Access based on job function
  • Least Privilege: Minimum necessary permissions granted
  • Access Reviews: Quarterly access audits and revocation
  • Session Management: Auto-logout after 15 minutes of inactivity
  • IP Whitelisting: Restricted access from approved IP ranges

4. Organizational Security

4.1 Employee Security Program

Pre-Employment Screening

  • Background verification (criminal, educational, employment)
  • Reference checks from previous employers
  • Drug testing (where legally permitted)
  • Social media screening
  • Credit checks for finance-related roles

4.2 Security Training

  • Onboarding Training: Mandatory 8-hour security awareness course
  • Annual Refresher: Yearly security policy updates
  • Role-Specific Training: Specialized training for IT, finance, HR teams
  • Phishing Simulations: Quarterly phishing tests and remediation training
  • Incident Response: Training on reporting security incidents

4.3 Code of Conduct

All employees agree to:

  • Not share login credentials or passwords
  • Not access data beyond job requirements
  • Not copy, download, or transfer data to personal devices
  • Not discuss Client information outside work environment
  • Report any suspected security incidents immediately
  • Return all company assets upon termination

4.4 Exit Procedures

When employees leave:

  • System access revoked within 1 hour of termination
  • All devices, documents, and materials returned
  • Exit interview covering confidentiality obligations
  • Final NDA reminder and acknowledgment signed
  • Email and communication monitoring for 30 days post-exit

5. Physical Security

5.1 Facility Access Control

  • Perimeter Security: Gated premises with security guards
  • Biometric Entry: Fingerprint/facial recognition for building access
  • Smart Cards: RFID badges for zone-based access
  • Visitor Management: Pre-registration, escort required, badge tracking
  • Server Room Access: Dual authentication (biometric + PIN), logging of all entry

5.2 Surveillance & Monitoring

  • CCTV coverage of all entry/exit points and work areas
  • 24/7 security operations center (SOC) monitoring
  • Video retention for 90 days (sensitive areas: 180 days)
  • Motion detection and intrusion alarms
  • Security patrols every 2 hours

5.3 Workspace Security

  • Clean Desk Policy: No confidential documents left on desks
  • Locked Cabinets: Secure storage for physical files
  • Screen Privacy Filters: Anti-glare filters on sensitive workstations
  • Visitor Restrictions: No access to production floor without escort
  • Mobile Device Policy: Personal phones locked in designated areas

5.4 Data Destruction

Secure disposal procedures:

  • Paper Documents: Cross-cut shredding (DIN P-4 standard)
  • Hard Drives: DoD 5220.22-M wiping + physical destruction
  • Digital Media: Degaussing and physical shredding
  • Certificate of Destruction: Provided for all data disposal

6. Incident Response & Business Continuity

6.1 Security Incident Response Plan

4-Phase Response:

  1. Detection & Analysis: 24/7 monitoring, automated alerts, security team triage
  2. Containment: Isolate affected systems, prevent spread, preserve evidence
  3. Eradication & Recovery: Remove threat, restore systems, validate integrity
  4. Post-Incident: Root cause analysis, remediation, lessons learned

6.2 Data Breach Notification

If a data breach occurs:

  • Client Notification: Within 72 hours of discovery
  • Regulatory Notification: As required by DPDP Act, GDPR, etc.
  • Affected Individuals: Direct notification if high risk to rights/freedoms
  • Breach Report: Detailed incident report including timeline, impact, remediation

6.3 Business Continuity Plan (BCP)

Disaster Recovery

  • Recovery Time Objective (RTO): 4 hours for critical systems
  • Recovery Point Objective (RPO): 1 hour (maximum data loss)
  • Backup Locations: Geo-redundant secondary site in different Indian state
  • Annual Testing: Full DR drill with documented results
  • Hot Standby: Real-time replication for mission-critical applications

7. Compliance & Certifications

7.1 Regulatory Compliance

Vantrix Global complies with:

  • Information Technology Act, 2000 (India)
  • Digital Personal Data Protection Act, 2023 (DPDP Act)
  • ISO/IEC 27001:2013 (Information Security Management)
  • ISO/IEC 27701:2019 (Privacy Information Management)
  • GDPR (for EU client data)
  • CCPA (for California client data)
  • PCI DSS (for payment card data processing)
  • SOC 2 Type II (Service Organization Control)

7.2 Current & Target Certifications

  • ISO 27001:2013 (In Progress)
  • ISO 27701:2019 (Planned)
  • SOC 2 Type II (Planned)
  • PCI DSS v4.0 (For Payment Services)

7.3 Third-Party Audits

  • Annual external security audit by certified firms
  • Quarterly vulnerability assessments and penetration testing
  • Client-requested audits accommodated (reasonable advance notice)
  • Audit reports available to Clients under NDA

8. Client-Specific Security

8.1 Dedicated Infrastructure Options

For high-security requirements:

  • Private Cloud: Isolated virtual infrastructure
  • Dedicated Servers: Physical hardware solely for your data
  • Client-Managed Keys: You control encryption keys
  • On-Premise Deployment: Services delivered from your location
  • Hybrid Model: Combination of cloud and on-premise

8.2 Custom Security Controls

We can implement:

  • Client-specified encryption standards
  • Custom access control policies
  • Additional audit logging and monitoring
  • Integration with Client's SIEM/SOC
  • Compliance with industry-specific regulations (HIPAA, FINRA, etc.)

8.3 Right to Audit

Clients have the right to:

  • Request security documentation and policies
  • Conduct on-site security audits (with 30 days' notice)
  • Review access logs for their data
  • Request penetration test results
  • Verify compliance with contractual security obligations

9. Data Localization & Sovereignty

9.1 Data Residency

  • Primary Storage: All Client data stored in Indian data centers
  • Backup Locations: Within India (multiple geographic regions for redundancy)
  • Processing Location: Operations conducted from Indian facilities
  • No International Transfer: Unless explicitly authorized by Client in writing

9.2 Cross-Border Transfer (When Required)

If Client authorizes international data transfer:

  • Standard Contractual Clauses (SCCs) executed
  • Adequacy decision verified (EU adequacy, etc.)
  • Data Processing Agreement (DPA) signed
  • Transfer Impact Assessment (TIA) conducted
  • Data localization copy maintained within India

10. Vendor & Subcontractor Management

10.1 Third-Party Risk Management

All subcontractors and vendors undergo:

  • Due diligence and security assessment
  • Contractual data protection obligations (equivalent to ours)
  • Regular security audits and compliance reviews
  • Right to audit provisions
  • Incident notification requirements

10.2 Approved Subcontractors

Vantrix Global maintains a list of pre-approved subcontractors:

  • Cloud Infrastructure: AWS India, Google Cloud India, Azure India
  • Security Tools: [To be specified based on actual vendors]
  • Communication: Microsoft 365, Google Workspace

Client Consent: Use of subcontractors requires prior written consent or pre-approval in Service Agreement.

11. Insurance Coverage

Vantrix Global maintains comprehensive insurance:

  • Cyber Liability Insurance: Covers data breaches, cyber attacks, ransomware
  • Professional Indemnity: Errors & omissions in service delivery
  • General Liability: Third-party claims
  • Coverage Amount: [To be specified upon policy purchase]

Insurance certificates available to Clients upon request.

12. Contact & Reporting

Chief Information Security Officer (CISO)

Address: Vantrix Global, Udaipur, Rajasthan 313001, India
Emergency: 24/7 Security Incident Hotline (details provided to active Clients)

12.1 Security Incident Reporting

To report a security concern:

  • Email: info@vantrixglobal.com (Subject: SECURITY INCIDENT)
  • Phone: 24/7 hotline (provided to Clients)
  • Portal: Secure incident reporting via Client portal
  • Response Time: Acknowledgment within 2 hours, initial assessment within 4 hours

12.2 Security Questions

For general security inquiries:

Updates to Security Practices: Vantrix Global continuously improves security measures. Material changes to this NDA & Security policy will be communicated 60 days in advance. Enhanced security measures may be implemented immediately when necessary to protect Client data.

Our Promise: Your data security is our top priority. We invest continuously in people, processes, and technology to ensure your confidential information remains protected. If you have any concerns, please contact us immediately — we're here to help 24/7.