Security at WeConsentNow
Security is foundational to WeConsentNow. We design our systems assuming that consent enforcement must be provable, auditable, and resilient.
1. Architecture Principles
- Consent is enforced at time of use
- No implicit trust between systems
- Defense-in-depth approach
- Least-privilege access
2. Data Protection
- Encryption in transit (TLS)
- Encryption at rest where applicable
- Tenant-level logical isolation
- Secure secrets management
3. Access Controls
- Role-based access control
- Environment separation (prod / staging)
- Limited administrative access
4. Audit & Logging
- Immutable audit logs
- Timestamped consent state changes
- Access decision records
- Logs retained per customer policy
5. Incident Management
- Monitoring and alerting
- Incident response procedures
- Customer notification where required
6. Compliance Alignment
Our design aligns with principles from:
- India DPDP Act
- Sectoral data protection requirements
- Enterprise audit expectations
Formal certifications may be added over time.