Security Policy

Best practices to follow

At SkorLife, we always prioritize your security. To ensure maximum protection, we have prepared a simple list of security measures that you can follow :

• Never disclose your personal banking details such as card number, CVV, PIN, or OTP through any medium, including phone calls, SMS, WhatsApp, or email. We will never ask you for any of the sensitive information mentioned above.
• We will also never contact you to request any payment transactions through the app or ask you to install remote access software such as TeamViewer, AnyDesk, etc. Do not respond to such emails, SMS messages, WhatsApp or phone calls.

Privacy Practices

We do not sell your personal information or share it with unaffiliated third parties for their advertising or marketing purposes without your written consent.

Please refer to our Privacy Policy for more information.

Data Security

We implement environment segregation and separation of duties, along with strict role-based access controls based on documented, authorized, and necessary use requirements.

We utilize key management services to restrict access to data exclusively to authorized teams.

Stored data is protected through encryption at rest, while sensitive data is further safeguarded with layered application-level encryption.

To ensure data reliability, we employ several methods: data replication for resilience, snapshotting for durability, and regular backup and recovery testing..

Incident and Change Management

We have established a mature Change Management process that enables us to reliably and securely release thoroughly tested features, ensuring you can enjoy the SkorLife experience with maximum assurance.

We take an aggressive approach to Incident Management during system downtimes and security events, supported by our Network Operations Center and Information Security Management System, which promptly respond to, recover from, or escalate any incidents arising from planned or unplanned changes.

Vulnerability Assessment and Penetration Testing

We have an internal network security team that utilizes industry-leading products to conduct both manual and automated Vulnerability Assessment and Penetration Testing (VA/PT) activities.

We implement Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), which are integrated into our Continuous Integration/Continuous Deployment (CI/CD) pipeline.

Additionally, we engage CERT-IN certified auditors to perform regular external security testing and audits.

Standards and Certifications

SkorLife is certified in ISO 27001:2022 and has implemented the necessary Information Security Management System (ISMS) policies and procedures to uphold industry-standard best practices and applicable controls.

Responsible Disclosure

At SkorLife, we are committed to safeguarding our customers' data and privacy.

We integrate security at every stage of our product development using advanced technologies to ensure our systems maintain robust security measures.

Our comprehensive data security and privacy design enables us to protect our systems against everything from minor issues to sophisticated attacks.