Security Statement

Effective June 13, 2026 · Version 1.0

1. Our commitment

Davanji takes the security of customer data seriously. We follow industry-recognized practices to protect information stored in our platform and handled by our consultants.

2. Application security

• Encrypted connections (TLS/HTTPS) for all platform traffic
• Passwords hashed using industry-standard bcrypt with appropriate cost
• Cross-site request forgery (CSRF) protection on form submissions
• Server-side input validation and prepared SQL statements
• Role-based access control with organization-level data separation
• Session timeout and rotating session identifiers
• Honeypot fields and basic rate limiting on public forms

3. Infrastructure

• Hosting on reputable managed providers
• Regular backups of customer data
• Access to production systems limited to authorized personnel

4. Organizational controls

• Background checks on personnel with access to customer data
• Confidentiality agreements with employees and contractors
• Documented incident-response procedures
• Periodic review of access privileges

5. Customer responsibilities

Customers are responsible for: choosing strong account passwords; safeguarding credentials; promptly removing access when personnel leave; reviewing role assignments; and reporting suspected security issues to us promptly.

6. Reporting vulnerabilities

If you believe you have found a security vulnerability, please email support@davanjiehssolutions.com. Do not disclose the issue publicly until we have had a reasonable opportunity to address it.

7. Limitations

No security system is impenetrable. Davanji makes no warranty that information will never be subject to unauthorized access; we work continuously to reduce that risk.