Security Policy

Last Updated: 28 November 2025

At Tiffinx, we take the security of our platform, user data, and community interactions seriously.
Although we operate as a Business Auxiliary Service (BAS) connecting Home Kitchens and Foodies, we ensure that all digital operations follow strong security principles, responsible practices, and industry-aligned safeguards.

This Security Policy describes how we approach the protection of user information, platform systems, data handling, and vulnerability reporting.

1. Our Commitment to Security

Tiffinx is committed to:

• protecting user data from unauthorized access
• preventing misuse or manipulation of platform systems
• maintaining transparency about how data is used
• ensuring lawful and ethical handling of all information
• continuously improving our platform’s security standards

While we are currently in an early-stage and evolving phase, we prioritize adopting secure-by-design principles in every update.

2. Infrastructure & Data Protection

2.1 Encrypted Data Transmission

All communication between the Tiffinx platform and users is transmitted using industry-standard encryption protocols (HTTPS/TLS) to prevent interception or tampering.

2.2 Secure Storage Practices

Where applicable, user data is stored in secure environments with:

• restricted access controls
• authentication layers
• encryption mechanisms for sensitive fields
• periodic monitoring

2.3 Minimal Data Collection

Tiffinx follows a privacy-first approach, collecting only the data necessary for platform functionality such as:

• basic user details
• order interaction logs
• communication information
• delivery-related information (if needed in future updates)

We avoid collecting excessive, unnecessary, or highly sensitive personal information.

3. Application Security

3.1 Regular Security Reviews

The platform undergoes periodic assessments to identify weaknesses, bugs, or vulnerabilities, followed by necessary fixes.

3.2 Protected APIs

All Tiffinx APIs are protected using authentication and validation layers to prevent:

• unauthorized access
• API abuse
• malicious queries
• data extraction attempts

3.3 Fraud & Abuse Prevention

We actively monitor platform activity to detect:

• fake accounts
• fraud attempts
• unusual transaction patterns
• abusive communication
• suspicious login behavior

Accounts violating security norms may be restricted or removed.

4. User-Level Security

4.1 Password Protection

Users must choose strong passwords, and Tiffinx never stores passwords in plain text. Encrypted hashing methods are used.

4.2 Device & Session Awareness

Tiffinx may implement (as features evolve):

• login session tracking
• suspicious login detection
• session timeout mechanisms

4.3 Reporting Suspicious Activity

If users notice:

• unauthorized access
• suspicious activity
• unknown login attempts
• fake profiles
• misleading or fraudulent behavior

They should report it immediately at: support@tiffinx.in

5. Data Disclosure to Authorities

In accordance with Section 7.1 of our Terms of Service:

If legally required, Tiffinx will cooperate fully with:

• government bodies
• law enforcement
• FSSAI regulators
• cyber cells
• consumer courts
• tax authorities
• or other authorized agencies

We will share only the information legally required, such as:

• user account details
• order logs
• communication records
• violation reports

This ensures lawful operations and community protection.

6. Third-Party Integrations

6.1 Secure Integrations Only

Any third-party tools, cloud services, or analytics systems we use undergo security review and operate under secure protocols.

6.2 No Unnecessary Sharing

We do not sell or transfer user data to third-party companies for marketing or profiling.

6.3 Trusted Platforms

Whenever we integrate third-party services, they must follow:

• secure data handling
• strong encryption
• compliance with Indian IT laws

7. Vulnerability Disclosure Program (VDP)

We welcome responsible security researchers, developers, and ethical hackers to help us improve our platform.

If you discover a vulnerability or security issue:

Please report it responsibly to:

Email: security@tiffinx.com

Rules for responsible reporting:

• Do not exploit the vulnerability
• Do not access or modify data that does not belong to you
• Do not disrupt platform services
• Provide clear steps or proof-of-concept
• Allow us reasonable time to fix the issue before public disclosure

Tiffinx appreciates community contributions toward building a safer platform.

8. Limitations of Security Measures

While Tiffinx implements reasonable security protections, no digital system is 100% secure.
Users should also practice safe behavior such as:

• avoiding sharing OTPs or passwords
• verifying profiles before communication
• reporting suspicious Kitchens/Foodies
• avoiding external payment links
• maintaining secure devices

Security is a shared responsibility.

9. Updates to This Security Policy

As Tiffinx evolves, improves, and aligns with updated government regulations, this Security Policy may be modified.
We reserve the right to update the document without prior notice.

Continued use of the platform indicates acceptance of the updated Security Policy.

10. Contact Us

For security issues, compliance concerns, or breach-related questions:

Security Email: security@tiffinx.in
Support Email: support@tiffinx.in