Trust · Security

Security at Voyazio.

Our approach to protecting customer data — infrastructure, encryption, access controls, compliance, and incident response.

Effective Date
19 May 2026

1. Our Approach to Security

Security is foundational to everything we build at Voyazio. Travel businesses entrust us with sensitive customer data — passport details, booking history, payment information, and personal identifiers. We treat that responsibility with the seriousness it deserves.

Cognimit Technologies LLP, the operator of Voyazio, follows industry-recognized security frameworks and continuously invests in protecting customer data through technical safeguards, operational controls, and ongoing assessment.

2. Infrastructure Security

Voyazio is hosted on enterprise-grade cloud infrastructure providers with global certifications including ISO 27001, SOC 2 Type II, and PCI-DSS. Our infrastructure benefits from:

  • ·Physical security at data centres with restricted access, biometric controls, and 24/7 monitoring.
  • ·Network isolation through Virtual Private Clouds (VPCs) with strict firewall rules.
  • ·DDoS protection at the edge.
  • ·Automatic backups with geographic redundancy.
  • ·High-availability architecture with failover and disaster recovery.

3. Data Encryption

All data is protected through strong encryption:

  • ·Data in Transit: TLS 1.2 or higher for all connections between clients and our servers, and between internal services.
  • ·Data at Rest: encryption using AES-256 for databases, file storage, and backups.
  • ·Sensitive Fields: additional field-level encryption for passwords (bcrypt/argon2), API keys, and payment tokens.
  • ·Key Management: encryption keys managed through hardware security modules (HSMs) with strict rotation policies.

4. Access Controls

Access to systems and customer data is governed by strict policies:

  • ·Principle of Least Privilege: employees receive only the access necessary for their role.
  • ·Multi-Factor Authentication (MFA): mandatory for all internal systems and administrative tools.
  • ·Single Sign-On (SSO): centralized identity management with audit logging.
  • ·Role-Based Access Control (RBAC): granular permissions within the Voyazio platform for customer teams.
  • ·Audit Logs: comprehensive logging of access events, configuration changes, and administrative actions.
  • ·Regular Reviews: periodic access reviews to revoke unnecessary permissions.

5. Application Security

Our development practices prioritize security at every stage:

  • ·Secure Software Development Lifecycle (SDLC) with mandatory code reviews.
  • ·Static and dynamic application security testing (SAST/DAST).
  • ·Dependency scanning and automated vulnerability detection.
  • ·Annual third-party penetration testing.
  • ·Bug bounty program (reach out to hello@voyazio.com to participate).
  • ·Web Application Firewall (WAF) protection.
  • ·Rate limiting and abuse detection.

6. Compliance and Standards

Voyazio is designed to support customers in meeting their compliance obligations:

  • ·Digital Personal Data Protection Act, 2023 (DPDP Act, India).
  • ·General Data Protection Regulation (GDPR) principles for international data handling.
  • ·PCI-DSS scope minimization through tokenization (full card data is processed by certified payment gateways, not stored on our systems).
  • ·Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

7. Incident Response

We maintain a documented Incident Response Plan covering detection, containment, eradication, recovery, and post-incident review. In the event of a security incident affecting customer data:

  • ·Affected customers will be notified within seventy-two (72) hours of confirmation, in accordance with applicable data protection law.
  • ·Notifications will include the nature of the incident, data affected, steps being taken, and recommended actions.
  • ·Regulatory authorities will be notified where required.
  • ·A post-incident report will be shared with affected customers.

8. Responsible Disclosure

We welcome responsible disclosure of security vulnerabilities by security researchers. If you believe you have found a security issue, please report it to hello@voyazio.com. Please:

  • ·Provide detailed information including reproduction steps.
  • ·Allow us reasonable time to investigate and remediate before public disclosure.
  • ·Avoid accessing, modifying, or destroying customer data.
  • ·Avoid testing that could degrade service availability.

We commit to acknowledging reports within forty-eight (48) hours and providing regular updates throughout the remediation process.

9. Contact

For security-related inquiries: hello@voyazio.com

For privacy matters: hello@voyazio.com

We use cookies

We use cookies to keep the site running, understand how you use it, and occasionally show you things you might care about. Cookie Policy