SECURITY POLICY
Odkhaan Core Cryptographic & Security Disclosures
01 Core Security Commitment
At Odkhaan, data protection and digital safety are fundamental architectural requirements. We design every feature—especially identity matchmaking and business networking—with deep defensive strategies, ensuring user data is isolated, encrypted, and monitored against malicious attempts.
02 Data Encryption Standards
We employ enterprise-grade cryptography to secure data throughout its lifecycle:
Data in Transit
All communications between the Odkhaan mobile app and our database servers are encrypted using modern Transport Layer Security protocols, blocking man-in-the-middle exploits.
Data at Rest
Core database structures, identity files, and profile details are encrypted at rest using highly trusted Advanced Encryption Standard algorithms.
Password Hashing
User passwords are hashed on creation using industry-validated hashing functions. We never store plaintext passwords in our database servers.
03 Identity Verification Mechanisms
To protect members within our Matrimonial portals, we enforce stringent verification checks:
Isolated Verification Pipelines
Identity cards (ID documents) submitted for verification are processed in isolated cloud pipelines. Verified credentials are saved in dedicated, restricted Supabase storage buckets with strict Row-Level Security (RLS) policies. Once verification completes, access permissions are highly restricted and documents are locked against public queries.
04 Infrastructure Security (Supabase Integration)
Our cloud backend is hosted via Supabase (built on highly reliable AWS infrastructure), ensuring:
- Row-Level Security (RLS): Strict policies ensuring that database records are only read or written by authorized account holders.
- Continuous backups: Automated database snapshot backups to guarantee comprehensive disaster recovery.
- Network firewalls: Restrictive firewall rules limiting external API access and isolating storage buckets.
05 Safe Token & Authentication Handling
Authentication is handled through industry-standard secure token management:
JWT Rotation
JWTs (JSON Web Tokens) are automatically rotated, expiring periodically to block session hijacking.
OAuth Logins
OAuth logins (Google, Facebook) are completed using certified secure browser modules. The app never intercepts your external account passwords.
Expo Sanitization
Expo push notification tokens are sanitized and managed solely within isolated notification containers.
06 Security Reporting & Vulnerability Disclosure
We welcome audits and reports from independent security researchers. If you identify a potential security vulnerability in our application or API, please contact us immediately.
72-Hour Mitigation Window
If you identify a vulnerability, please reach out to contact@adaptyx.in. We will investigate, isolate, and patch reported threats within 72 hours.