Data Security & Data Governance
Last reviewed on: 20th January 2026
Data Security and Data Governance
In order to provide Products and Services in accordance with the Terms of Use, SalaryFlow stores and processes User Personal Data in a hosted environment secured within a Virtual Private Cloud (VPC) on Amazon AWS.
Certain categories of Personal Data including email, phone number, address, age, gender, bank account number, and PAN are collected strictly to comply with regulatory mandates. Some data points are required for validating authenticity, while others are necessary for KYC setup under RBI guidelines.
Information and Data Classification
SalaryFlow defines information classifications based on sensitivity, confidentiality, privacy requirements, and business criticality.
Highly Confidential
User Personal Data (Databases / Cloud Storage / Analytics)
Confidential
User Non-Personal Data, Contracts, Financial Data
Internal
Business Metrics, SOPs, Operational Processes
Public
Organisation Structure, Published Policies
Combined datasets inherit the most restrictive classification level. Information owners are responsible for classification decisions.
Data Strategy Overview
Building and driving business decisions using data is critical to SalaryFlow’s operations. A structured data strategy enables better product development, intelligent decision-making, and enhanced user experiences.
- Address key business questions & measurable impact
- Eliminate redundancy and promote reusability
- Assess business priority & criticality
- Define sourcing, collection, transformation & processing
- Maintain centralized Data Repository / Data Warehouse
- Develop analytics & data science maturity roadmap
Data Governance
SalaryFlow ensures that data remains an asset and not a liability through governance frameworks covering ownership, integrity, privacy, and security.
Access is granted only to responsible individuals based on legitimate business needs. Metadata, logs, and access controls are maintained across systems.
Addressing Privacy Concerns
SalaryFlow respects User rights and consent preferences. Users may provide, revoke, or update consent as defined in the Privacy Policy.
SalaryFlow maintains SOPs for consent withdrawal and Personal Data erasure, subject to regulatory requirements.
Data Retention and Purging Policies
Personal Data is retained as required under Indian laws including RBI directions, PMLA, Companies Act, and Income Tax regulations.
Data not required for compliance or active services will be deleted or anonymized upon valid erasure requests.