Always.
Aakruti Infra RMC is built with security at its core. From encrypted databases to OTP authentication and role-based access, every layer of your RMC plant data is protected against unauthorized access, cyber threats, and data breaches.
Identity Verified — Encrypted Channel Active
Every request, every record, every session is guarded by multiple independent security layers.
All plant, user, and order data is encrypted using AES-256 at the database layer. No plain-text sensitive data ever stored.
All logins use one-time passwords delivered via SMS or WhatsApp. Passwords are bcrypt-hashed. No plain passwords stored.
Every API query checks your role. Plant Managers can only see their plant data. Clients see only their orders. Drivers see only assigned trips.
Account is locked after 5 failed OTP attempts. Suspicious activity triggers notifications to Plant Manager and system admin.
Hosted on Convex cloud with SOC 2 Type II compliant infrastructure. Automatic backups, geo-redundant storage, and uptime SLAs.
Each login generates a unique session token. Device limits enforced per plan. Remote session kick available to Plant Managers.
Each RMC Plant's data is logically isolated. Cross-plant data access is architecturally impossible. No data leaks between plants.
All backend functions validate authentication and authorization before any database operation. Zero trust model at the API layer.
| Threat | Status | Mitigation |
|---|---|---|
| Unauthorized Access | Protected | OTP + session token + device limits |
| Data Interception | Protected | TLS 1.3 in transit, AES-256 at rest |
| Brute Force Attack | Protected | Lockout after 5 attempts + alert |
| SQL Injection | Protected | Parameterized queries, no raw SQL |
| Cross-site Scripting | Protected | React's built-in XSS protection |
| Privilege Escalation | Protected | RBAC enforced server-side always |
Contact our team for a security briefing or to request our full data protection documentation.