Security at LabelERP

Your business data is the foundation of your operations. We treat its protection as our highest priority, with enterprise-grade security built into every layer of the platform.

Infrastructure Security

Our platform runs on enterprise-grade cloud infrastructure with built-in redundancy, automatic scaling, and geographic distribution. We leverage industry-leading cloud providers that maintain SOC 2, ISO 27001, and other internationally recognised security certifications.

  • Hosted on Google Cloud Platform with data centres in India
  • All data encrypted in transit using TLS 1.2+ (HTTPS everywhere)
  • Data encrypted at rest using AES-256 encryption
  • DDoS protection and Web Application Firewall (WAF) enabled
  • Regular vulnerability scanning and penetration testing

Data Isolation

LabelERP uses a multi-tenant architecture with strict data isolation to ensure that your business data is completely separated from other customers. Each tenant operates in its own isolated environment.

  • Tenant-level data isolation with separate database schemas
  • Row-level security policies enforced at the database layer
  • Cross-tenant access is architecturally impossible
  • All API requests are scoped to the authenticated tenant
  • Strict access controls prevent data leakage between tenants

Authentication & Access Controls

We implement robust authentication and authorisation mechanisms to ensure that only the right people can access the right data. Every request is authenticated, authorised, and logged.

  • Secure JWT-based authentication with short-lived tokens
  • Password hashing using bcrypt with industry-standard salt rounds
  • Role-based access control (RBAC) with granular permissions
  • Session management with automatic timeout and revocation
  • Brute-force protection with rate limiting and account lockout

Application Security

Security is embedded into every stage of our software development lifecycle. We follow secure coding practices and conduct regular code reviews to identify and address vulnerabilities before they reach production.

  • Secure development lifecycle (SDLC) with mandatory code reviews
  • Input validation and output encoding to prevent injection attacks
  • Protection against OWASP Top 10 vulnerabilities (XSS, CSRF, SQL injection, etc.)
  • Dependency scanning for known vulnerabilities in third-party libraries
  • Environment-level separation between development, staging, and production

Backups & Disaster Recovery

We maintain comprehensive backup and disaster recovery procedures to ensure your data is never lost. Our systems are designed for high availability with minimal downtime.

  • Automated daily backups with point-in-time recovery
  • Backups stored in geographically separate locations within India
  • Recovery time objective (RTO) of less than 4 hours
  • Recovery point objective (RPO) of less than 1 hour
  • Regular disaster recovery drills to validate our procedures

Compliance & Privacy

LabelERP is committed to complying with Indian data protection regulations and international best practices. We handle your data with transparency and give you full control over your information.

  • Compliant with the Digital Personal Data Protection (DPDP) Act, 2023
  • Dedicated Grievance Officer for data protection queries
  • Data processing limited to stated purposes with explicit consent
  • Data retention policies with automatic deletion upon account closure
  • Right to access, correct, and erase personal data as per the DPDP Act

Responsible Disclosure

We take security vulnerabilities seriously and appreciate the efforts of security researchers who help us keep our platform safe. If you discover a potential security issue, we encourage you to report it to us responsibly.

When reporting a vulnerability, please:

  • Provide a detailed description of the vulnerability, including steps to reproduce it.
  • Allow us reasonable time to investigate and address the issue before making any public disclosure.
  • Do not access, modify, or delete data belonging to other users during your research.
  • Do not perform any actions that could disrupt or degrade our services.

We are committed to acknowledging valid reports promptly and working with researchers to resolve issues as quickly as possible.

Report a Security Vulnerability

Email: mybrand@labelerp.co.in

Please include "Security Report" in your email subject line.