EmpTrack AI — Trust & Security
Your workforce data, protected by design.
EmpTrack AI is an AI-powered HRMS and workforce-intelligence platform built with security, privacy, and compliance at its core. This page explains, in plain language, how we protect your data and how we align with Indian law.
Operated by: Lakshay Devendra Porchattiwar (Founder & CEO) Registered Office: 53B, Deepakamale Layout, Trilok Nagar, Duttawadi, Wadi, Nagpur - 440021, Maharashtra, India Security / Grievance Contact: user.support@emptrackai.online Last Updated: [Insert Date] Platform Status: Under active development (beta / pre-release)
Note: EmpTrack AI is currently under active development. We are building toward formal certifications and continuously strengthening our controls. This page describes our security posture and commitments; where a certification is in progress rather than achieved, we say so clearly.
1. Our Security Commitment
We treat the protection of your employees' and applicants' data as a core responsibility, not an afterthought. Our practices are designed to meet the "reasonable security practices and procedures" standard under Section 43A of the Information Technology Act, 2000 and the SPDI Rules, 2011, and are informed by leading frameworks including ISO/IEC 27001, ISO/IEC 27701, the NIST Cybersecurity Framework, and OWASP.
2. How We Protect Your Data
Encryption. Data is encrypted in transit using TLS and at rest using industry-standard cryptography.
Access control. We enforce Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA), OTP verification, and the principle of least privilege, so people can access only what they need.
Audit logging. Critical activity is logged to support accountability, investigations, and admissibility as electronic evidence under Indian law (Bharatiya Sakshya Adhiniyam, 2023).
Application & infrastructure security. We apply secure-development practices, API security, rate limiting, input validation, and secrets management, guided by OWASP and NIST.
Backups & resilience. We maintain regular backups and disaster-recovery practices aligned with the goals of ISO 22301 to support business continuity.
3. Privacy by Design
We respect the fundamental right to privacy under Article 21 of the Constitution of India (as affirmed in Puttaswamy, 2017) and apply the core principles of the Digital Personal Data Protection Act, 2023: lawfulness, purpose limitation, data minimization, storage limitation, and accountability.
For HR data you upload, you are the Data Fiduciary and EmpTrack AI is your Data Processor — we process it only on your instructions. Full details are in our Privacy Policy and Data Processing Agreement.
Your rights. We support Data Principal rights including access, correction, erasure, grievance redressal, nomination, and withdrawal of consent.
4. Responsible AI
Our AI features (AI Analytics, AI Assistant, AI Insights, Productivity Analytics) are designed to support human decisions, not replace them.
- Human oversight: HR decisions require meaningful human review, consistent with Article 14 of the Constitution of India (non-discrimination).
- Fairness: We work to reduce bias and expect customers to validate outputs before relying on them.
- AI security: We apply controls against prompt injection, model abuse, and unauthorized data extraction.
- No unauthorized training: We do not train third-party generative models on your identifiable data without consent; we use only aggregated/anonymized data to improve the service.
5. Compliance Posture
EmpTrack AI is designed to align with India's key legal and regulatory framework, including:
- Constitution of India — Article 21 (privacy) and Article 14 (non-discrimination)
- Information Technology Act, 2000 and the SPDI Rules, 2011
- IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
- Digital Personal Data Protection Act, 2023 and the DPDP Rules (as notified)
- CERT-In Directions, 2022 (incident reporting)
- Consumer Protection Act, 2019 and E-Commerce Rules, 2020
- Bharatiya Nyaya Sanhita, 2023 and Bharatiya Sakshya Adhiniyam, 2023
We are also working toward internationally recognized certifications (ISO/IEC 27001, ISO/IEC 27701, SOC 2). Current certification status is available on request.
6. Incident Response & Breach Notification
If a security incident occurs, we act quickly to contain and assess it, notify affected customers without undue delay, and report reportable cyber incidents to CERT-In as required under the IT Act, 2000. Where required, we assist customers in meeting their notification obligations to the Data Protection Board of India and affected individuals under the DPDP Act, 2023.
7. Shared Responsibility
Security is a partnership. We secure the Platform infrastructure and operate it lawfully. You manage your users and roles, keep credentials safe, ensure the lawfulness of the data you upload, obtain the consents you need, and apply human oversight to AI outputs. Together, this keeps everyone's data safe.
8. Data Location & Transfers
Your data is primarily processed in India. Any transfer or hosting outside India is carried out in accordance with the DPDP Act, 2023 and any restrictions notified by the Central Government, with appropriate safeguards. We inform customers of hosting locations.
9. Report a Security Concern
Found a vulnerability or have a security question? We want to hear from you.
- Contact: Lakshay Devendra Porchattiwar — Founder & CEO / Grievance Officer & Data Protection Contact
- Email: user.support@emptrackai.online
- Address: 53B, Deepakamale Layout, Trilok Nagar, Duttawadi, Wadi, Nagpur - 440021, Maharashtra, India
We acknowledge reports within [48 hours] and handle them responsibly.
10. Related Documents
For full details, see our Terms and Conditions, Privacy Policy, Data Processing Agreement, Acceptable Use Policy, Cookie Policy, and Service Level Agreement.
Disclaimer: This page describes EmpTrack AI's security and compliance approach as of its last-updated date and is provided for informational purposes; it does not constitute legal advice or a warranty of absolute security. As the Platform is under active development, controls and certifications continue to evolve. Nothing here should be read as claiming a certification not yet obtained.