Security Policy – BharatFare
Effective Date: August 31, 2025
This Security Policy describes how BharatFare protects user data, payment information, booking details, and platform access. It outlines the measures in place to secure systems and clearly defines user responsibility to maintain a safe environment.
1. Objective of the Security Policy
- The purpose of this policy is to ensure confidentiality, integrity, and availability of all data processed by BharatFare.
- This includes personal data, booking information, operational data, and communications.
2. Platform Security Measures
- BharatFare uses multiple layers of security technology, including:
- Secure website encryption through HTTPS.
- Controlled server access through authentication and monitoring.
- Regular infrastructure updates to address security vulnerabilities.
- Firewalls and network filters to block suspicious traffic.
3. Data Encryption and Protection
- All sensitive information such as personal details and login sessions is stored in encrypted form.
- Payment details are not stored by BharatFare. Only encrypted payment tokens provided by trusted payment gateways are used.
4. User Authentication and Account Safety
- User accounts require secure login credentials.
- Users must not share passwords or login details with others.
- Users are responsible for keeping their devices secure.
- BharatFare is not liable for breaches caused by weak user passwords, shared devices, or unsafe networks.
5. Payment Security
- Payments are processed securely through third party gateways such as Stripe and Razorpay.
- These gateways use internationally recognised encryption and fraud protection.
- BharatFare never handles or stores full card numbers.
6. Monitoring and Fraud Detection
- System activity is monitored for anomalies such as repeated failed login attempts or unusual booking behaviour.
- Suspicious activity may result in temporary account suspension, additional verification, or booking restriction.
7. Access Control for Internal Staff
- Only authorised team members are allowed to access user data.
- Access is based on role requirements.
- Logs are maintained for internal access to sensitive data.
8. API and System Communication Security
- API communication is done through secure channels.
- Rate limits are applied to prevent misuse or automated attacks.
- Data sharing between systems follows strict protocols.
9. Third Party Service Provider Standards
- BharatFare partners with trusted service providers who follow standard security practices.
- These include hosting providers, communication tools, and payment processors.
- Third party providers must comply with required data protection regulations.
10. Data Retention and Storage
- Data is stored only for as long as required for booking management, regulatory compliance, and audits.
- Users may request deletion of their data except where data retention is legally required.
11. Incident Response and Breach Policy
- If a security incident occurs, BharatFare will:
- Investigate the incident immediately.
- Take corrective actions.
- Notify affected users where required by law.
- BharatFare is not responsible for breaches caused by external systems, user negligence, or events beyond reasonable control.
12. User Responsibilities
- Users must ensure:
- Their devices are virus free.
- They are using updated browsers.
- They do not access BharatFare on unsecured public networks.
- They update passwords when necessary.
13. Liability Limitation
- BharatFare does not guarantee uninterrupted service or immunity from cyber threats.
- BharatFare is not liable for:
- Losses due to user error.
- Losses due to third party system failure.
- Losses caused by internet outages or attacks beyond BharatFare’s control.
- Maximum liability is limited to service fees paid.
14. Policy Updates
- This Security Policy may be updated without prior notice.
- Continued use of the platform means acceptance of the latest version.
15. Contact Information
- For security-related questions or concerns: support@bharatfare.com
