Trust

Trust, by design.

UMAP360 ships with DPDP 2023 and GDPR compliance built from day one. SHA-256-hashed PII, AES-256 encryption, India-resident data, no surprises.

DPDP 2023
GDPR
SOC 2 in progress
SHA-256
AES-256

Security

Built into every layer.

Security is built into every layer of UMAP360, not bolted on as an afterthought.

01
SHA-256 Hashing
All personally identifiable information (email, phone) is SHA-256 hashed before storage. We never store raw PII in our event database.
02
AES-256 Encryption
All data in transit uses TLS 1.3, and data at rest is encrypted with AES-256. Your data is protected at every step.
03
AWS Infrastructure
Hosted on AWS with multi-region redundancy and automated backups. Trigger Engine carries a 99.9% target SLA — current live uptime is published on the status page.
04
Tenant Isolation
Strict tenant isolation ensures your data never touches another client's environment. Complete data separation guaranteed.
05
Audit Logging
Comprehensive audit logs track all data access and modifications. Full transparency for compliance and security reviews.
06
SOC 2 In Progress
We are currently working toward SOC 2 Type II certification. Contact us for our latest security documentation.

Compliance

DPDP-native, GDPR-compatible.

Privacy-first infrastructure built for Indian businesses from day one.

✓ Compliant

DPDP Act 2023

Built for India's Digital Personal Data Protection Act from the ground up with native consent management and data rights handling.

Consent management built-in
Right-to-Erasure API endpoint
Data residency in India
30-day deletion guarantee

✓ Compatible

GDPR

Full compliance with EU data protection principles. Data minimisation, purpose limitation, and user rights are built into the platform core.

Data minimisation by design
Purpose limitation enforced
DPA available on request
Data export functionality

Legal hub

Read the policies.

How we handle your data.

Data collection, processing purposes, sub-processors, retention, and your rights under DPDPA, GDPR, and CCPA.

Read the policy Data Deletion

Request your data removed.

Full account deletion, selective category deletion, Meta / Google specific flows. 30-day SLA, 90-day grace period.

Request deletion Terms of Service

The rules of engagement.

Subscription billing, acceptable use, SLA credits, and limitation of liability. Operated by UMAP360 Private Limited.

Read the terms Refund Policy

Cancellations and refunds.

14-day trial covers buyer’s remorse. Cancel anytime, no lock-in. SLA credits for Enterprise uptime. Dispute escalation path.

Read the policy Cookie Policy

Which cookies we set.

Essential vs. analytics, the consent flow, browser controls. No advertising or tracking cookies — ever.

Read the policy

DPA

Data Processing Agreement

Available for Growth & Enterprise customers

A Data Processing Agreement (DPA) is available for Growth and Enterprise customers. Our standard DPA covers: the scope and purpose of data processing, sub-processor disclosures, security obligations, data subject rights procedures, and breach notification protocols in line with DPDP 2023 and GDPR requirements.

Enterprise customers requiring a signed DPA before onboarding, or requiring a custom DPA to reflect your organisation’s requirements, can request one from our team.

Live status

Uptime, at a glance.

90-day uptime, incident count, and ingest latency across every UMAP360 service.

Live status page

Real-time monitor state, heartbeat strips, incident history.

Every UMAP360 service, ingest probe, and edge function — refreshed every minute from the live monitoring pipeline.

View live status

Security questions?

Security assessments, compliance questionnaires, custom DPA requirements — our team is here to help.

Contact security team

DPDP · GDPR · SHA-256 · SOC 2 in progress