TeamsOnGo

Legal · Sprintflux Technologies Pvt. Ltd.

Security at TeamsOnGo

Effective: 2026-05-04 · CIN: U58201MH2025PTC462858 · GSTIN: 27ABSCS0656A1ZA

TeamsOnGo is built for the real world. Security is engineered, not bolted on.

Compliance roadmap

  • SOC 2 Type II, in progress, target 2027
  • ISO 27001, target 2027
  • GDPR, India DPDP, CCPA aligned

Infrastructure

  • Hosted on AWS, multi-AZ, with quarterly DR drills.
  • Secrets in AWS KMS / Secrets Manager. No long-lived AWS access keys in CI.
  • Network segmentation, WAF, DDoS protection, private subnets for data stores.

Application security

  • OWASP Top 10 controls; SAST (Semgrep), SCA (Snyk), DAST quarterly.
  • Code review on every change; staging mirror of production.
  • Authentication: Argon2id password hashing, JWT with short TTL + httpOnly refresh tokens, optional MFA.
  • Multi-tenant isolation via tenant-scoped queries plus row-level security.

Data protection

  • TLS 1.3 in transit. AES-256 at rest. Field-level encryption for highly sensitive data.
  • Backups encrypted, geo-redundant, tested monthly.
  • Logical and physical access logged and reviewed.

Vulnerability disclosure

Found something? Email info@teamsongo.com with the subject prefix “[Security]”. We acknowledge within 72 hours and triage within 5 business days. We do not pursue legal action against good-faith research.

Incident response

24×7 on-call rotation, runbooks per service, public status page (status.teamsongo.com once live). Customers are notified of any confirmed personal-data breach within 72 hours.