Trust & Security

Your data is our responsibility — we treat it that way.

HUEWINE Cloud ERP is built with security in the core, not bolted on after. Here's how we protect your financials, your employees' personal data and your operational records — every layer, every day.

Four pillars of HUEWINE security

How we think about protecting your business data — from the network edge to the database.

Encryption Everywhere

AES-256 at rest, TLS 1.2+ in transit. Encryption keys rotated regularly and never co-located with the data they protect.

Role-Based Access

Granular permissions per module, per record. Optional multi-factor auth, SSO and IP allowlisting for admin accounts.

Resilient Hosting

Hosted in tier-3 cloud data centres with redundant power, network and storage. Geo-distributed daily backups with point-in-time recovery.

Audit-Ready Logs

Every login, every record change, every export is logged with user, timestamp and old/new values — ready for your auditors.

Security controls in detail

The specific controls our team operates to keep customer data safe.

Application Security

  • OWASP Top 10 controls in the SDLC
  • Code review for every production change
  • Dependency scanning on every build
  • Regular third-party penetration tests

Network & Infrastructure

  • WAF and DDoS protection at edge
  • Private subnets & security groups
  • Patch SLA: critical CVEs within 7 days
  • Intrusion detection on all hosts

Data Protection

  • AES-256 at rest, TLS 1.2+ in transit
  • Daily encrypted backups, 30-day retention
  • Logical data isolation per customer
  • Data export on request, anytime

Identity & Access

  • Role-based access control (RBAC)
  • Optional 2FA / multi-factor auth
  • SSO via SAML / OAuth 2.0 (on request)
  • Session timeout & brute-force lockout

Monitoring & Logging

  • Centralised audit log per tenant
  • 24x7 infrastructure monitoring
  • Anomaly alerts on admin actions
  • Logs retained for forensic review

People & Process

  • Background checks on team members
  • Least-privilege access to production
  • Annual security awareness training
  • Documented incident response process

Compliance & certifications

Where HUEWINE stands today — and what's on our roadmap.

GDPR aligned
Privacy-by-design
India IT Act
Compliant
GST & e-Invoice
Built-in
SOC 2 Type II
In progress
ISO 27001
On roadmap

Responsible disclosure

Found a security issue? We want to hear from you.

If you believe you've discovered a vulnerability in any HUEWINE product or service, please report it to our security team. We commit to acknowledge within 2 business days and keep you updated as we triage and fix.

security@huewine.com

Have a security questionnaire?

Our team is happy to walk through your vendor assessment, sign NDAs and share detailed architecture diagrams under request.

Talk to our Security Team