Data Protection & Encryption Policy

InnoSpark.ai is committed to safeguarding personal data and ensuring compliance with applicable data protection standards. The security measures outlined in this policy are integral to achieving the data protection standards mandated by the InnoSpark.ai Information Management Policy.

Encryption must be employed to safeguard the InnoSpark.ai’s non-public information from unauthorized disclosure. It is the responsibility of all personnel to evaluate the confidentiality level of any data transmitted or stored on the devices they utilize. In the event that the data is classified as non-public, all employees of the InnoSpark.ai are obligated to adhere to the Encryption Standard in full compliance with this policy

  1. To provide data confidentiality in the event of accidental or malicious data loss, all Personal Data, PII, SCI or Subscriber Data shall be encrypted at rest. Encryption of data at rest shall use at least AES 256-bit encryption.

  2. Strong cryptography and security protocols, such as TLS 1.2 or IPSEC, are required to safeguard Personal Data, PII, SCI or Subscriber Data during transmission.

  3. Key exchange shall use RSA or DSA cryptographic algorithms with a minimum key length of 2048 bits and minimum digest length of 256.

  4. Digital signatures shall use RSA, DSS with a minimum key length of 2048 bits and minimum digest length of 256.

  5. Encryption of wireless networks shall be enabled using the following encryption levels, while separating the networks based on the type of device being used:

    1. Corporate owned:

      1. Network Access: All corporate plus Internet

      2. Authentication 802.1x + AES (MFA)

    2. Corporate owned (generic, such as video kiosks):

      1. Network Access: Only Internet

      2. Authentication: MAC (WPA2 PSK)

    3. Employee Bring Your Own Device (BYOD):

      1. Network Access: Only Internet

      2. Authentication: 802.1x + AES

    4. Guest BYOD:

      1. Network Access: Only Internet

      2. Authentication: MAC with captive portal

  6. Any wireless network encryption requirements that cannot be addressed by the identified device types above must be reviewed and approved by Information Security.

  7. Personal Data, PII, SCI or Subscriber Data shall not be stored on equipment that is not owned or managed by InnoSpark Services Pvt. Ltd.

  8. Data shall be transferred only for the purposes determined/identified in InnoSpark.ai’s Data Security & Privacy Statement.

  9. Documented policies and process shall be implemented to ensure appropriate encryption and key management is in place, including periodic key rotation.

  10. If you are unsure regarding the level of required encryption or specific encryption policies, you shall contact Information Security for guidance and approval.

  11. Data loss prevention processes and tools shall be implemented to identify and/or prevent data loss.

Ensuring compliance with data protection regulations.

Need Help : contact@innospark.ai

Corporate Office : 716, ILD Trade Centre, Sector-47, Gurugram, Haryana- 122018, India
Sales Office : 202, EF3 Mall, Mathura Road, Sector 20A, Faridabad, Haryana- 121001, India

InnoSpark Services Private Limited © 2024. All rights reserved.
CIN: U62013HR2024PTC122886
GISTIN: 06AAHCI7384P1ZR