Security Policy

Infrastructure & Data Security

Our comprehensive security measures and data protection practices.

Effective Date: 01-01-2025

Maintained by: EyeQlytics Tech Pvt. Ltd.
Classification: Confidential – Government/Internal Use Only

1. Purpose

  • This policy outlines the security architecture, principles, and operational controls enforced by CopMap, a mission-critical law enforcement platform.
  • It ensures the protection of all systems, infrastructure, and law enforcement operational data handled by the platform.

2. Scope

Applies to all:

  • Users accessing CopMap services (web and mobile apps)
  • Internal services and APIs of the platform
  • Infrastructure and databases used in deployment
  • Development, monitoring, and incident management processes

3. Core Security Principles

CopMap has been designed from the ground up with security-by-design and zero trust architecture as foundational principles. Key values include:

  • No external service exposure
  • Encrypted communication and storage
  • Privately hosted infrastructure
  • Strict internal access and API governance
  • Designed in alignment with Government of India cybersecurity guidelines (CERT-In)

4. Infrastructure Security

  • CopMap is privately hosted on Google Cloud Platform (GCP) and Microsoft Azure, isolated within VPC environments, with no public exposure of internal services.
  • Each component of CopMap (frontend, backend, databases, monitoring) resides within private subnets, accessible only via authenticated internal services.
  • Firewall policies and IAM roles restrict access by IP, identity, and service-to-service trust rules.

5. Data Security & Privacy

  • CopMap does not collect or process any personal user data beyond authorized officer credentials used for authentication.
  • All operational data shown or stored on the map (e.g., security locations, bandobast plans) is:
    • Securely encrypted at rest and in transit
    • Stored only within private and authorized environments
    • Never shared or exposed to unauthorized services or third-party tools
  • The CopMap marketing website uses Google Analytics 4 (GA4) solely to measure anonymous website performance (page views, visit counts). This data is never linked to officer identities or operational data. All law enforcement operational data within the CopMap platform is completely isolated — no third-party analytics, tracking tools, or cookies have access to it.

6. Authentication & Authorization

  • All user accounts are protected by secure password policies and encrypted using advanced hashing algorithms (e.g., bcrypt).
  • Multi-factor authentication (MFA) is optionally enforced for sensitive access levels (e.g., district, division admins).
  • Role-Based Access Control (RBAC) ensures officers only access information within their jurisdiction.
  • OAuth2-compliant access tokens control session integrity and scope.

7. API & Application Security

Every request is routed through a dedicated API Gateway, which:

  • Validates tokens
  • Enforces rate-limits and usage policies
  • Blocks any unauthorized or malformed requests
  • Internal services are not directly accessible. All services communicate securely using internal protocols and isolated endpoints.
  • No direct calls can be made to internal microservices from outside the platform.

8. Monitoring & Audit Logging

  • Platform usage, API calls, and access activities are continuously monitored.
  • Audit logs are stored securely for accountability, compliance, and post-incident forensics.
  • Any anomalies such as failed logins, unusual API patterns, or data access spikes are flagged in real-time.

9. Data Backup & Recovery

  • Daily encrypted backups of critical services and map configurations are maintained.
  • Regular disaster recovery drills ensure continuity even in the event of system or infrastructure failure.
  • Backup storage is separated from live data and hosted securely within approved regions.

10. Software Security & DevOps

  • Code is reviewed and scanned for vulnerabilities (following OWASP Top 10 best practices).
  • Continuous Integration/Deployment (CI/CD) pipelines are secured and restricted to authorized maintainers.
  • All services are containerized and sandboxed to minimize attack surface and support rapid recovery or isolation if needed.

11. Incident Response

CopMap follows a structured Incident Response Policy:

  • Real-time detection
  • Isolation of affected services
  • Notifications to relevant law enforcement command structures
  • Root cause analysis and preventive action
  • All incidents are documented and traceable through audit trails.

12. Third-Party Access

  • No third-party services or analytics providers have access to any law enforcement data.
  • If any external audit or integration is required (e.g., ministry-level analytics), it is handled via secure, government-approved pipelines.

13. Compliance

CopMap is designed to align with:

  • CERT-In Cyber Security Guidelines
  • DPDP Act, 2023 (India)
  • IT Act, 2000 (India)
  • Ministry of Home Affairs policies for digital law enforcement tools

14. User Responsibilities

Users must:

  • Protect their login credentials
  • Use CopMap only for official, authorized purposes
  • Report any suspected breach or unusual activity to the internal security team

15. Updates & Review

This security policy is reviewed quarterly and updated as needed to reflect:

  • New security features
  • Evolving threats
  • Law enforcement needs or policy changes

Contact for Security Issues

  • 📧 admin@copmap.in
  • Security & Compliance Team, EyeQlytics Tech Pvt. Ltd.