Security Policy
Last updated: 21 May 2026
At GulSuite, security is fundamental to our platform. This page describes the measures we take to protect your data and ensure the integrity of our Service.
1. Data Encryption
In Transit
All communication between your browser and our servers is encrypted using HTTPS with TLS (Transport Layer Security). This ensures that your data cannot be intercepted or read during transmission.
At Rest
Sensitive data stored on our servers is encrypted using industry-standard encryption algorithms.
2. Access Controls
- Authentication: All users must authenticate with a valid email and password. Passwords are stored using secure one-way hashing (never in plain text).
- Role-Based Access: The platform supports role-based access control, ensuring users can only access the data and features permitted by their assigned role.
- Session Management: Sessions are managed with secure, httpOnly cookies. Inactive sessions expire automatically.
3. Data Isolation
Your data is completely secure and isolated — no other customer can see, access, or interact with it in any way.
4. Backups
- Automated backups are performed regularly.
- Backups are stored securely and are separate from the production environment.
- Backups are tested periodically to ensure data can be restored reliably.
- You can request a data export at any time from your account.
5. Infrastructure Security
- Firewalls: Network firewalls restrict access to only necessary ports and services.
- Updates: Server software and dependencies are kept up to date with security patches.
- Monitoring: Systems are monitored for unusual activity and potential security threats.
- SSH Access: Server access is restricted to authorized personnel using encrypted key-based authentication.
6. Application Security
- CSRF Protection: All forms and API requests are protected against cross-site request forgery attacks.
- Input Validation: All user inputs are validated and sanitized to prevent injection attacks (SQL injection, XSS).
- Rate Limiting: Login attempts and API calls are rate-limited to prevent brute-force attacks.
- Secure Framework: GulSuite is built on a mature, security-hardened framework with built-in security features such as ORM-level query sanitization, template escaping, and private method restrictions.
7. Payment Security
We do not store your payment card details on our servers. All payment processing is handled by PCI DSS-compliant third-party payment processors. Your payment information is transmitted directly to the processor over an encrypted connection.
8. Incident Response
In the event of a security incident:
- We will investigate and contain the incident promptly.
- Affected customers will be notified within a reasonable timeframe.
- We will take corrective measures to prevent recurrence.
- Where required by law, we will report the incident to the appropriate authorities.
9. Responsible Disclosure
If you discover a security vulnerability in our Service, we encourage you to report it to us responsibly. Please email [email protected] with details of the vulnerability. We will:
- Acknowledge your report within 48 hours.
- Investigate and address the vulnerability promptly.
- Keep you informed of the resolution.
We request that you do not publicly disclose the vulnerability until we have had reasonable time to address it.
10. Employee Access
- Access to production systems is limited to authorized personnel on a need-to-know basis.
- All access is logged and auditable.
- Employees do not access customer data unless required for support and authorized by the customer.
11. AI Feature Security
- All inputs submitted through Gul AI features (text or voice) are transmitted to our AI processing infrastructure over encrypted connections (HTTPS/TLS).
- AI features are subject to rate limiting and real-time usage monitoring to detect and prevent misuse, abuse, and excessive load.
- AI request logs are retained for security auditing purposes. These logs contain only command metadata and do not include full business records.
- Any account found to be probing, abusing, or attempting to exploit AI features will be suspended immediately.
12. Contact
For security-related questions or to report a vulnerability, contact us at:
Hiyan Enterprises Pvt Ltd
Email: [email protected]