Compliance

01. Introduction

MAWALOG ensures GDPR-compliant data processing, safeguarding user, client, and partner information across our website, products, and services with a strong focus on security, transparency, and compliance with data protection regulations.

02. Scope of GDPR Compliance

This policy is applicable to all of MAWALOG's goods and services. Personal information gathered from clients, associates, staff members, and internet users. Information handled via our platforms, apps, and software.

03. Lawful Basis for Processing Personal Data

Lawful Basis for Processing Personal Data MAWALOG handles personal information for the following legal reasons: Users' express consent to the gathering and processing of their data is known as consent.

• Transactional Necessity: When processing is necessary to complete a transaction with a user or customer.
• Legal Obligations: Adhering to all applicable laws, taxes, and restrictions.
• Legitimate Interests: To promote user experience, product functionality, and business operations while protecting privacy.

04. Personal Data We Collect

Based on interactions with users, we gather and use the following categories of personal data:

• Information from End Users: Name, email, phone number, username, and password are all examples of account information.
• Use Data:Activities carried out within the product's settings, preferences, and functionality.
• Requests for Support: Information supplied via customer service channels.

05. Information from Website Visitors

IP address, browser type, device details, and website interactions are all included in cookies and analytics.

Marketing Data: Preferences of users for mailings, promotions, and communication.

06. Data from Transactions

Name, address, and payment method (processed securely through third-party payment providers) are all part of the billing and payment information.

07. How We Use Personal Data

We process personal data for the following purposes:

• Providing and improving our products: Ensuring seamless functionality and security.
• Managing customer accounts: Handling sign-ups, logins, and preferences.
• Processing transactions: Managing payments, invoicing, and order fulfillment.
• Customer Support: Responding to queries and resolving technical issues.
• Marketing and Communications:Sending product updates, newsletters, and promotional content (only with user consent).
• Legal and Compliance Obligations:Meeting regulatory and contractual requirements.

06. Data Security Measures

To protect personal information, MAWALOG employs stringent security measures:

• Encryption: Safe encryption of information while it is being sent and stored.
• Access Controls: Only authorized personnel are allowed access.
• Regular Security Audits: Frequent reviews are conducted to detect and minimize threats through regular security audits.
• Minimizing data: It means gathering only the information required to run the service.

07. Data Retention and Deletion Policy

We keep personal information for as long as is required to: Deliver our goods and services; Comply with legal, tax, or regulatory requirements. Prevent fraud and maintain security. We securely delete personal data upon user request or account deactivation, unless retention is mandated by law.

08. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right to Access:Request a copy of your personal data.
• Right to Rectification:Correct inaccurate or incomplete data.
• Right to Erasure ("Right to be Forgotten"):Request deletion of personal data.
• Right to Restrict Processing:Limit data usage under certain circumstances.
• Right to Data Portability:Obtain and transfer data in a structured format.
• Right to Object:Stop processing of personal data for marketing or legitimate interest.
• Right to Withdraw Consent:Revoke consent at any time.

09. International Data Transfers

We guarantee compliance through EU Standard Contractual Clauses (SCCs) in the event that personal data is transferred outside of the European Economic Area (EEA). Agreements with service providers about data protection. Secure protocols and encryption for data exchanges.

10. Third-Party Data Sharing

We don't sell personal information. Nonetheless, we might divulge data to:

• Cloud hosting providers: To safely store and handle user data.
• Payment Processors: To handle transactions securely.
• Third-Party Integrations: For features that are optional for the product (only with user approval).

11. Cookies and Tracking Technologies

Cookies are used to monitor website performance and improve user experience. Through browser settings, users can adjust cookie preferences or turn cookies off. For further information, see our Cookie Policy.

12. Children's Privacy

MAWALOG does not intentionally gather personal information from those younger than eighteen. We will remove any personal information we find that was supplied by a minor as soon as possible.

13. Changes to This GDPR Policy

This policy may be updated from time to time to take into account modifications to the law, new product releases, or privacy best practices. Any modifications will have an updated effective date and be announced on our website.

14. Contact Us

If you have any questions, concerns, or requests for data access regarding GDPR, please email us at support@mawalog.com Or Call us at +91-44-4856-3345.

This GDPR policy ensures compliance and builds trust with users of MAWALOG’s products and services. Let me know if you need further refinements or additional sections!

01. Introduction

MAWALOG guarantees data security, availability, and confidentiality by adhering to SOC 2 standards, ensuring strict compliance with privacy, risk management, and protection measures to safeguard user information across our systems, services, and operations.

02. Scope of SOC 2 Compliance

SOC 2 compliance is applicable to all MAWALOG infrastructure, services, and products, including:

• Personal information gathered from clients, partners, staff, and website users.
• Information handled via our cloud-based solutions, apps, and platforms.
• Service providers from outside the company that communicate with MAWALOG's systems.
• This ensures that MAWALOG’s security measures align with industry best practices for data protection, monitoring, and risk mitigation.

03. Trust Services Criteria & Security Controls

Trust Services Criteria & Security Controls MAWALOG implements robust safeguards to safeguard sensitive data in accordance with SOC 2's five trust service principles:

Security

We guard our systems against attacks, breaches, and illegal access by:

• End-to-End Encryption:Encrypt data securely while it's being transmitted and stored.
• Multi-Factor Authentication (MFA): Ensuring sensitive data is only accessed by authorized persons.
• Advanced Firewalls & Intrusion Detection Systems (IDS) :Proactively recognizing and reducing risks.

Availability

Making certain that our platform is always available and functional with:

• Robust Infrastructure:Using a redundant server architecture helps to avoid outages.
• 24/7 System Monitoring: Constant monitoring to find and fix performance problems.
• Disaster Recovery Plans:Techniques for restoring data in the event of malfunctions. </li.

Processing Integrity

Ensuring the secure, dependable, and consistent handling of data by:

• Automated Data Validation: Preventing errors and ensuring that transactions are accurate.
• Strict Change Management Policies: It ensure that security requirements are followed in updates and adjustments.

Confidentiality

Maintaining the confidentiality of critical user and corporate data by:

• Role-Based Access Control (RBAC):Limiting access according to user roles.
• Non-Disclosure Agreements (NDAs): Making certain that third parties protect the privacy of data.
• Encrypted Backups:Safe backups to avoid losing data.

Privacy

Making certain that personal information is gathered, handled, and kept in accordance with privacy laws including the CCPA, GDPR, and SOC 2 privacy criteria by:

• User Consent Management: Users can choose how they want their data to be used.
• Anonymization & Data Minimization:Getting only the information that is required.
• Privacy Policy Transparency:Having easily comprehensible privacy policies.

04. Data Retention & Secure Disposal

Data is only kept by MAWALOG for as long as is required to:

• Deliver services and fulfill regulatory requirements;
• Prevent fraud, maintain security, and satisfy legal requirements.

To ensure compliance with SOC 2 standards and regulatory requirements, we use secure data deletion techniques to completely remove business and personal data upon request or account termination.

05. Third-Party Risk Management

MAWALOG makes certain that all cloud service providers, third-party vendors, and service integrations adhere to SOC 2 compliance standards by:

• Performing security evaluations before to using third-party services.
• Making sure that SOC 2, GDPR, and other security standards are followed.
• Implementing vendor agreements that mandate adherence to data protection regulations.

06. Incident Response & Breach Notification

To identify, contain, and address security events, MAWALOG employs a systematic incident response plan. Our strategy consists of:

• Proactive Threat Detection: Keeping an eye on systems for odd behavior.
• Immediate Investigation and Containment: Swiftly recognizing and reducing hazards.
• User Notification:Notifying impacted users as soon as possible in accordance with legal regulations.

07. Ongoing Security Audits and Compliance Monitoring

In order to stay in compliance with SOC 2, MAWALOG does:

• Regular Security Audits: Separate evaluations to examine security measures.
• Penetration Testing and Vulnerability Assessments: Locating and addressing vulnerabilities in the system.
• Compliance Training: Ensuring that staff members comprehend and adhere to security best practices.

08. Your Rights & Data Protection Under SOC 2

MAWALOG is dedicated to providing people with authority over their personal information. Users are entitled to the following under SOC 2 compliance:

• Request Information on Data Security Practices: Find out how your data is protected by MAWALOG.
• Request Secure Data Deletion: Have business or personal information safely deleted.
• Verify System Integrity:Request security control and compliance reports.

09. Updates to This SOC 2 Compliance Statement

This statement may be updated by MAWALOG to reflect:

• New regulations or modifications to security policy;
• Improvements to data protection and compliance tactics.

Users will be informed of significant changes, and all updates will be posted on our website.

10. Contact Us

If you have any questions, concerns, or requests for data access regarding GDPR, please email us at support@mawalog.com Or Call us at +91-44-4856-3345.

01. Introduction

MAWALOG's Terms of Service include this Data Processing Agreement (DPA), outlining obligations for processing, storing, and safeguarding personal data while ensuring compliance with GDPR and other data protection laws for controllers.

02. Scope & Purpose of Data Processing

When MAWALOG handles personal data on the Controller's behalf, this DPA is applicable. MAWALOG is going to:

• Process personal information only for the reasons specified by the controller.
• Make sure that GDPR, SOC 2, and other relevant laws are followed.
• Prevent unauthorized access, loss, or breaches of personal data.

03. Lawful Basis for Processing Personal Data

Categories of Personal Data Processed Depending on how the Controller uses our services, MAWALOG handles the following types of personal data:

• User Account Information: Username, passwords, phone number, email address, and name.
• Usage Data: System interactions, device details, preferences, and activity logs.
• Transaction Data: Billing addresses and payment information (processed through third-party suppliers).
• Marketing Data: Subscriptions to emails and preferences for promotions (only with permission).
• Support and Communication Data: Requests made through channels for customer service.

04. Obligations of MAWALOG (Data Processor)

As the Data Processor, MAWALOG consents to:

• Follow the Controller's instructions exclusively while processing personal data.
• To protect data, put in place the proper organizational and technical security measures.
• By limiting data access to authorized personnel only, confidentiality can be ensured.
• Help the Controller with GDPR responsibilities, such as responding to requests from data subjects.
• Any data breaches should be reported to the controller within 72 hours of being discovered.
• Verify that every sub processor complies with GDPR regulations.

05. Controller’s Responsibilities

The Controller is responsible for:

• Giving MAWALOG instructions for authorized processing.
• Ensuring that the collection of user data has the appropriate legal foundation (permission, contractual necessity, or legal duty).
• Handling user requests for deletion, correction, or access to data.
• Making sure that GDPR and other data privacy laws are followed.

06. Data Retention and Deletion Policy

MAWALOG only keeps personal information for as long as it takes to complete its contractual duties or adhere to legal requirements. When services are terminated, the Controller may:

• Request Data deletion: All personal information that has been stored will be permanently deleted.
• Request data Export: A structured approach will be used to supply personal data.

After the retention term, MAWALOG automatically deletes personal data if no request is made.

07. Data Security Measures

MAWALOG employs industry-leading security measures to safeguard personal information, such as:

• End-to-End Encryption:Encrypting both at-rest and transit data.
• Access Controls and Authentication:Limiting authorized personnel's access to data.
• Regular Security Audits:Carrying out compliance analyses and penetration testing.
• Real-Time Monitoring: Identifying and stopping unwanted access.

08. Sub-Processors & Third-Party Data Transfers

For hosting, storage, and payment processing, MAWALOG may work with sub-processors, or third-party service providers. Every sub processor has to:

• Observe the GDPR and SOC 2 regulations.
• Sign contracts for data protection that guarantee absolute confidentiality.
• For international data transfers, employ secure protocols (e.g., Standard Contractual Clauses for non-EEA transfers).

09. Data Subject Rights & Compliance Support

Under GDPR, MAWALOG helps the Controller uphold the rights of data subjects, such as:

• Right to Access:Copies of users' personal information are available upon request.
• Right to Rectification:Users have the option to request that erroneous data be corrected.
• Right to Erasure ("Right to be Forgotten"): Users are able to request the deletion of data.
• Right to Data Portability:Data is available to users in a structured way.
• Right to Object:Users can choose not to have their data processed for marketing purposes.

10. Data Breach Notification

If a data breach occurs, MAWALOG will:

• Notify the Controller as soon as possible after discovering the incident.
• Describe the situation in detail, mentioning any impacted data and any possible effects.
• To reduce hazards and stop recurrence, take corrective action right away.

11. Compliance Audits & Monitoring

The Controller can request security documentation (such as audit reports and SOC 2 certifications) using MAWALOG. Under appropriate notice and non-disruption policies, conduct compliance audits. Confirm that MAWALOG complies with GDPR and best practices for data protection.

12. Termination & Return of Data

• Delete any stored personal data, unless it is mandated by law to be kept.
• If asked, provide a personal data export.
• Make sure sub processors eliminate pertinent data as well.

After the retention term, any data that is kept is safely archived and erased forever.

13. Changes to This DPA

This Data Processing Agreement may be updated by MAWALOG in response to:

• Modifications in legal or regulatory regulations.
• Security and compliance policies have been improved.
• New features or integrations with third parties are introduced.

14. Governing Law & Jurisdiction

The GDPR requirements and European Union (EU) legislation govern this DPA. Both parties agree that arbitration or legal action in a suitable jurisdiction will be used to settle disagreements.

15. Contact Us

If you have any questions, concerns, or requests for data access regarding GDPR, please email us at support@mawalog.com Or Call us at +91-44-4856-3345.

01. Introduction

MAWALOG, a sub-brand of Lentera Technologies, upholds excellence, security, and quality, leveraging Lentera’s ISO-certified frameworks for security, data protection, and quality management to ensure reliability, compliance, and client trust.

Lentera Technologies is ISO-certified, adhering to globally recognized standards, including:

• ISO 27001 – Information Security Management System (ISMS)
• ISO 9001 – Quality Management System (QMS)
• ISO 22301 – Business Continuity Management System (BCMS)

By confirming that MAWALOG adheres to the same strict compliance requirements, these certifications demonstrate our dedication to data protection, quality assurance, and operational resilience.

02. Scope of ISO Compliance for MAWALOG

MAWALOG, a division of Lentera Technologies, adheres to ISO-certified standards in the following areas:

• Web and Mobile Applications: Safe, superior, and performance-enhancing solutions.
• Cloud and Data Infrastructure: Guaranteeing hosting that is ISO-compliant, scalable, and encrypted.
• Operational Procedures: Following ISO 9001 best practices to provide exceptional service.
• User Data Protection: Putting in place security measures for both personal and business data that have been verified by ISO 27001.
• Business Continuity and Risk Management: Complementing catastrophe recovery plans certified by ISO 22301.

03. ISO 27001: Information Security Management System (ISMS)

Lentera Technologies, the parent brand of MAWALOG, is ISO 27001 certified, ensuring:

• End-to-End Data Security: Utilizing threat detection, access control, and encryption to safeguard user data.
• Risk Management and Compliance: Frequent security audits are necessary to stop vulnerabilities and breaches.
• Incident Response and Recovery: Prompt action plans for occurrences involving data security.
• Continuous Security Monitoring: System audits and compliance checks around-the-clock.

By extending these security frameworks to MAWALOG, we guarantee the highest level of data protection and regulatory compliance.

04. ISO 9001: Quality Management System (QMS)

Under Lentera Technologies’ ISO 9001 certification, MAWALOG maintains:

• Standardized Processes: Ensuring product consistency, performance, and efficiency.
• Customer Satisfaction and Quality Assurance: Meeting client needs with high-quality service delivery.
• Continuous Improvement : Ongoing audits and optimizations for better performance.
• Regulatory and Industry Compliance: Aligning with global quality standards.

This ISO 9001 framework guarantees that MAWALOG provides reliable and high-performance solutions.

05. ISO 22301: Business Continuity Management System (BCMS)

To ensure service continuity, Lentera Technologies’ ISO 22301 certification supports MAWALOG in:

• Minimizing Downtime and Disruptions: Ensuring 99.9% uptime and availability.
• Disaster Recovery and Risk Management: Implementing data backup and emergency response protocols.
• Cyber Resilience Against Threats: Protecting operations from cyberattacks and security breaches.
• Proactive Crisis Management: Mitigating risks before they impact business functions.

This ensures that MAWALOG operates securely, reliably, and without service interruptions.

06. Compliance Measures & Security Controls

MAWALOG integrates ISO-certified security, risk management, and quality controls, including:

• Data Encryption (AES-256, TLS 1.3): Securing user and business data.
• Role-Based Access Control (RBAC): Limiting access to authorized personnel.
• Multi-Factor Authentication (MFA): Adding an extra layer of security.
• Regular Security Audits and Penetration Testing (VAPT): Identifying vulnerabilities and applying security patches.
• Compliance with Global Standards (SOC 2, GDPR, NIST): Strengthening MAWALOG’s security posture.

07. Third-Party Vendor & Supply Chain Compliance

As part of Lentera Technologies' ISO-certified ecosystem, MAWALOG ensures that all third-party vendors and cloud providers comply with:

• ISO 27001 security requirements for data handling.
• ISO 9001 quality controls for service consistency.
• ISO 22301 business continuity standards for vendor risk management.

We only partner with vendors that meet our ISO compliance benchmarks, ensuring end-to-end security and service reliability.

08. Continuous Compliance Monitoring & Improvements

To maintain ISO certification standards, MAWALOG conducts:

• Annual ISO Audits: Reviewing security, quality, and business continuity practices.
• Regular Risk Assessments: Identifying and mitigating potential security vulnerabilities.
• Compliance Reviews and Updates: Keeping up with evolving regulatory and industry changes.
• Employee Training and Awareness Programs: Ensuring security best practices across teams.

Our commitment to ongoing compliance ensures that MAWALOG consistently meets ISO certification requirements.

09. Contact Us

For inquiries related to ISO compliance, security policies, or audit requests, contact our compliance team:

If you have any questions, concerns, or requests for data access regarding GDPR, please email us at support@mawalog.com Or Call us at +91-44-4856-3345.

10. Commitment to Security and Compliance

As a sub-brand of Lentera Technologies, MAWALOG benefits from its ISO 27001, ISO 9001, and ISO 22301 certifications. This demonstrates our commitment to data protection, operational excellence, and continuous service availability.

• Ensuring data security and privacy through ISO-certified protocols.
• Providing high-quality, reliable solutions for logistics and supply chain management.
• Maintaining regulatory compliance with global standards.
• Building trust with users through secure, resilient, and ISO-backed services.

01. Introduction

MAWALOG ensures risk management, data integrity, and security through Vulnerability Assessment and Penetration Testing (VAPT), strengthening platform, application, and infrastructure resilience against cyber threats while protecting user and company data.

02. Scope of VAPT Compliance

Our security testing with VAPT is applicable to:

• Web Applications: APIs, web portals, and MAWALOG's platform.
• Mobile Apps: Our ecosystem is integrated with iOS and Android apps.
• Cloud infrastructure: Storage options, servers, and databases.
• Network security: Internal networks, firewalls, and VPNs.
• Third-Party Integrations: External service providers and APIs that communicate with MAWALOG.

03. VAPT Compliance Framework

The systematic VAPT compliance framework that MAWALOG adheres to consists of:

A. Vulnerability Assessment (VA)

• Robotic and manual scanning: detecting security flaws in networks, apps, and APIs.
• Patch Management: Applying security fixes and timely updates to vulnerabilities found.
• Configuration Review: Verifying that servers, firewalls, and endpoints satisfy security requirements.
• Privilege escalation and access control testing: confirming that only authorized individuals have access to vital information.

B. Ethical hackers

It examine the system against actual attack scenarios using Penetration Testing (PT)

C. Simulated Cyber Attacks

• Exploit Identification: Finding possible hacker access points.
• Business logic testing: guaranteeing safe data flows, authentication, and payment processing.
• Security: Finding security holes in internal and external API connections is known as API security testing.

04. Security Controls & Risk Mitigation Measures

MAWALOG uses end-to-end encryption (TLS 1.2/1.3) to protect data while it's in transit and at rest in order to preserve VAPT compliance.

• Limiting access according to user roles and responsibilities.
• Secure user authentication is ensured via Multi-Factor Authentication (MFA).
• Proactively monitoring and stopping questionable activity are Intrusion Detection and Prevention Systems (IDPS).
• Adhering to NIST cybersecurity rules and the OWASP Top 10.
• Regularly doing GDPR, SOC 2, and ISO 27001 evaluations.

05. Threat Intelligence & Continuous Monitoring

To proactively identify and address threats, MAWALOG combines continuous security monitoring with real-time threat intelligence. This comprises:

• Security Event Logging: Monitoring user and system activity.
• Constant Threat Monitoring: AI-powered analysis is used to identify irregularities.

06. Compliance with Industry Standards & Regulations

The VAPT framework developed by MAWALOG is in compliance with ISO 27001, an international standard for information security management.

• GDPR (EU) 2016/679: Regulations for data privacy and protection.
• SOC 2 Type II: Compliance with security, availability, and confidentiality.

07. VAPT Testing Frequency & Security Updates

In order to keep a safe digital infrastructure, MAWALOG regularly performs VAPT evaluations. Identifying new security threats and vulnerabilities through quarterly vulnerability scans is part of our testing schedule.

• Annual Penetration Testing: Comprehensive simulations of ethical hacking.
• Security Patch Updates: Immediate remedies are being released for serious vulnerabilities.
• Compliance reviews and third-party audits: Guaranteeing conformity with legal requirements.

08. Third-Party Risk Management and Compliance

VAPT security standards are met by all cloud partners and third-party service providers thanks to MAWALOG. This comprises:

• Vendor Risk Assessments: Assessing outside service providers security posture.
• Compliance Agreements and Security Contracts: Implementing stringent security guidelines with suppliers.

09. Notification of Breach and Incident Response

MAWALOG has a systematic incident response plan in place in case of a security incident:

• Quick Threat Recognition and Containment: Separating impacted systems.
• Regulatory and User Notification: Notifying affected users and pertinent authorities within 72 hours (GDPR-compliant)
• Root Cause Analysis and Forensic Investigation: Identifying the type of breach.
• Remediation and Security Enhancements: Putting remedial measures into place to stop potential threats.

10. Updates and Continuous Security Enhancements

As part of our commitment to VAPT compliance, MAWALOG consistently:

• Conducts regular employee security training for phishing, social engineering, and cyber hygiene awareness.
• Implements security improvements depending on evolving threats.
• Modifies security guidelines to satisfy changing compliance standards.

11. Contact Us

Contact our security team with any questions about security, vulnerability disclosures, or compliance requests: Please email us at support@mawalog.com Or Call us at +91-44-4856-3345.