Data Security

At LandLens, operated by GEN Z REAL ESTATE (OPC) PRIVATE LIMITED under the brand Verified.RealEstate, we understand that property documents and verification data are highly sensitive.

Our security commitment includes:

• Confidentiality: Your documents and data are accessible only to authorized systems and personnel
• Integrity: We ensure data accuracy and prevent unauthorized modifications
• Availability: Your reports and data are accessible when you need them
• Accountability: We maintain audit trails and take responsibility for data protection

We continuously invest in security infrastructure, conduct regular assessments, and stay updated with evolving threats and best practices.

2.1. Data in Transit:

• TLS 1.3: All data transmitted between your browser and our servers is encrypted using the latest TLS 1.3 protocol
• 256-bit SSL: We use 256-bit SSL encryption for all HTTPS connections
• Perfect Forward Secrecy: Each session uses unique encryption keys
• HSTS Enabled: HTTP Strict Transport Security enforces secure connections

2.2. Data at Rest:

• AES-256: All stored data is encrypted using AES-256 encryption
• Encrypted Databases: Database encryption at rest with managed keys
• Encrypted Backups: All backup data is encrypted before storage
• Secure Key Management: Encryption keys are managed through secure key management systems

2.3. Document Encryption:

• Uploaded documents are encrypted immediately upon receipt
• Documents are decrypted only during processing within secure environments
• Generated reports are encrypted before storage

3.1. Cloud Infrastructure:

• Hosted on enterprise-grade cloud infrastructure from SOC 2 Type II certified providers
• Geographically redundant data centers in India
• Physical security with 24/7 surveillance, biometric access, and security guards
• Redundant power supply and cooling systems

3.2. Network Security:

• Web Application Firewall (WAF): Protection against OWASP Top 10 vulnerabilities
• DDoS Protection: Distributed denial-of-service attack mitigation
• Intrusion Detection/Prevention: Real-time monitoring for suspicious activities
• Network Segmentation: Critical systems isolated in separate network zones
• VPN: Secure VPN for administrative access

3.3. Application Security:

• Secure Software Development Lifecycle (SSDLC) practices
• Regular code reviews and static analysis
• Dependency scanning for vulnerable libraries
• Input validation and output encoding
• SQL injection and XSS protection

4.1. Authentication:

• OTP-Based Login: Secure one-time password authentication via SMS
• Session Management: Secure session tokens with automatic expiry
• Device Recognition: Alerts for login from new devices
• Rate Limiting: Protection against brute force attacks

4.2. Authorization:

• Role-Based Access Control (RBAC): Permissions based on user roles
• Principle of Least Privilege: Users access only what they need
• Segregation of Duties: Critical functions require multiple approvals

4.3. Administrative Access:

• Multi-factor authentication required for all admin access
• Privileged access management with approval workflows
• All administrative actions logged and audited
• Regular access reviews and revocation of unused privileges

5.1. Upload Security:

• Virus and malware scanning on all uploads
• File type validation to prevent malicious files
• Secure upload channels with encryption
• Size limits to prevent abuse

5.2. Processing Security:

• OCR processing in isolated, secure containers
• No persistent storage of intermediate processing data
• Automatic cleanup after processing completion

5.3. Storage and Retention:

• Uploaded documents automatically deleted within 90 days
• Option to request immediate deletion
• Secure deletion with data overwriting
• Generated reports retained per our data retention policy

5.4. Report Security:

• Unique verification codes on each report
• Digital watermarking for authenticity
• Secure sharing links with expiry controls
• Access logging for shared reports

6.1. Security Monitoring:

• 24/7 security monitoring and alerting
• Security Information and Event Management (SIEM)
• Anomaly detection for unusual activities
• Real-time threat intelligence feeds

6.2. Logging and Audit:

• Comprehensive logging of all system activities
• Tamper-proof log storage
• Log retention for compliance and forensics
• Regular log reviews and analysis

6.3. Alerting:

• Automated alerts for security events
• Escalation procedures for critical incidents
• Integration with incident response workflows

7.1. Regular Testing:

• Vulnerability Assessments: Regular automated scanning for vulnerabilities
• Penetration Testing: Annual third-party penetration tests
• Code Reviews: Security-focused code reviews for new features
• Configuration Audits: Regular review of security configurations

7.2. Compliance Audits:

• Annual security audits by independent assessors
• Compliance with industry standards and regulations
• Remediation of findings within defined timelines

8.1. Incident Response Plan:

We maintain a comprehensive incident response plan that includes:

• Detection: Rapid identification of security incidents
• Containment: Immediate isolation of affected systems
• Eradication: Removal of threats and vulnerabilities
• Recovery: Restoration of normal operations
• Lessons Learned: Post-incident analysis and improvements

8.2. Breach Notification:

In the event of a data breach affecting your personal information:

• Notification to affected users within 72 hours
• Clear communication about nature and scope of breach
• Steps taken to mitigate impact
• Recommendations for protective measures
• Notification to regulatory authorities as required

9.1. Background Checks:

• Background verification for all employees
• Enhanced checks for employees handling sensitive data

9.2. Security Training:

• Mandatory security awareness training for all employees
• Regular training updates on emerging threats
• Phishing simulation exercises
• Role-specific security training

9.3. Confidentiality:

• Non-disclosure agreements with all employees
• Clear data handling policies
• Strict prohibition on unauthorized data access

10.1. Vendor Assessment:

• Security assessments before vendor onboarding
• Review of vendor security certifications
• Contractual security requirements
• Ongoing monitoring of vendor security posture

10.2. Data Sharing:

• Minimum necessary data shared with third parties
• Data processing agreements with all vendors
• Encryption for all data transfers
• Regular audit of third-party data access

10.3. Our Key Partners:

We work with industry-leading security-conscious partners for:

• Cloud hosting and infrastructure
• Payment processing (PCI DSS compliant)
• Communication services

11.1. Indian Regulations:

• Information Technology Act, 2000: Compliance with IT Act provisions
• IT Rules, 2011: Reasonable security practices for sensitive data
• CERT-In Directives: Adherence to cybersecurity guidelines

11.2. International Standards:

• GDPR: Compliance for EU users' data
• ISO 27001: Information security management alignment
• OWASP: Following secure development practices

11.3. Industry Best Practices:

• NIST Cybersecurity Framework alignment
• CIS Controls implementation
• Regular benchmark assessments

12.1. Disaster Recovery:

• Geographically distributed backup systems
• Regular backup testing and validation
• Defined Recovery Time Objectives (RTO)
• Defined Recovery Point Objectives (RPO)

12.2. High Availability:

• Redundant systems and failover mechanisms
• Load balancing across multiple servers
• Database replication for data availability

12.3. Business Continuity Planning:

• Documented business continuity procedures
• Regular testing and drills
• Communication plans for incidents

Security is a shared responsibility. We recommend users:

• Protect Your Account: Keep your phone number updated for OTP verification
• Secure Devices: Use secure, updated devices to access LandLens
• Report Suspicious Activity: Immediately report any unauthorized access
• Verify Links: Only access LandLens through official URLs
• Logout: Sign out when using shared or public devices
• Document Security: Store downloaded reports securely

14.1. We welcome responsible disclosure of security vulnerabilities.

14.2. If you discover a security issue, please:

• Email us at [email protected]
• Provide detailed information about the vulnerability
• Allow reasonable time for us to address the issue before public disclosure
• Do not exploit the vulnerability or access others' data

14.3. We commit to:

• Acknowledge receipt within 24 hours
• Provide regular updates on remediation progress
• Credit researchers (with permission) for valid reports
• Not pursue legal action against good-faith researchers

For security-related questions, concerns, or reports: