Effective starting: August 1, 2017
PayMyVAT.com is a product by Taxviser Consulting Private Ltd (called PayMyVAT from
here onwards).
Overview
PayMyVAT Cloud is the hosting platform designed and used by us to deliver PayMyVAT
applications as a service. Each subscriber's PayMyVAT Cloud applications are
physically located on a server in a dedicated, locked cage at our data center partners.
Our data center partners provide power, network and backup services. PayMyVAT rents
servers to power the PayMyVAT Cloud. For servers that it rents from third party vendors
(via Azure), PayMyVAT monitors and manages the servers, in addition to providing
support to PayMyVAT Cloud subscribers.
Data storage
Our PayMyVAT Cloud platform was designed and optimized by us specifically to host
PayMyVAT applications and has multiple levels of redundancy built in. The applications
themselves run on a separate front-end hardware node than that on which the data is
stored. Hardware failure of the compute node is recovered automatically. Application
data is stored on a RAID 10 (mirrored and striped) storage node which is replicated to a
secondary storage node every four hours. If the primary storage node has a problem or
becomes unavailable, the applications can be switched over to the secondary storage
node.
Facilities
Access to the data centers is limited to authorized personnel only, as verified by
biometric identity verification measures. Physical security measures include: on-
premises security guards, closed circuit video monitoring, man traps, and additional
intrusion protection measures. Within the data center, all PayMyVAT equipment is
stored in locked cages designed to be earthquake-proof.
Our data centers are located in geographically diverse locations across India.
People and access
Our support team maintains an account on all cloud systems and applications for the
purposes of maintenance and support. This support team accesses hosted applications
and data only for purposes of application health monitoring and performing system or
application maintenance, and upon customer request via our support system. Within
PayMyVAT, only authorized PayMyVAT employees have access to application data.
Authentication is done via individual passphrase-protected public keys, rather than
passwords, and the servers only accept incoming SSH connections from PayMyVAT
and internal data center locations. PayMyVAT Cloud is designed to allow application
data to be accessible only with appropriate credentials, such that one customer cannot
access another customer's data without explicit knowledge of that other customers'
login information. Customers are responsible for maintaining the security of their own
login information.
Certification
To augment 3rd party application penetration testing we have performed, we have
selected data center providers that maintain industry-standard certifications.
Our data centers are SOC-1 (formerly SAS 70) compliant. These certifications address
physical security, system availability, network and IP backbone access, customer
provisioning and problem management.
Backups
Application database backups for PayMyVAT Cloud occur on the following frequencies:
On-site backups are performed daily and retained for seven days; Tape backups are
taken weekly, which are then stored off-site and retained for four weeks. All backup data
is encrypted.
Privacy
PayMyVAT understands the importance of ensuring the privacy of your personally
identifiable information. For more information, please see ourĀ Privacy Statement.