🚀 We are live on Product Hunt Check out →
🚀 Campaign Extended till 24-11-2025, grab your early Black Friday Deal now
Try for free

Privacy Policy

SECURITY OVERVIEW

WhitePanther™
Operated by HOODS HUB PRIVATE LIMITED
Chennai, Tamil Nadu, India

At WhitePanther™, information security is foundational to our platform design and operations.

We operate an Information Security Management System (ISMS) aligned with ISO/IEC 27001 principles and implement technical, organizational, and administrative safeguards to protect customer data, financial integrations, and business communications.

This document provides a high-level overview of our security controls.

  1. INFORMATION SECURITY GOVERNANCE

WhitePanther follows a structured security governance framework aligned with ISO 27001, including:

  • Defined security policies and procedures
  • Risk identification and mitigation processes
  • Asset classification and protection controls
  • Management oversight and accountability
  • Continuous review and improvement

Security is embedded across product design, engineering, operations, and vendor management.

  1. RISK MANAGEMENT

We maintain a risk-based approach to security that includes:

  • Identification of information assets
  • Assessment of potential threats and vulnerabilities
  • Risk evaluation and prioritization
  • Implementation of appropriate safeguards
  • Periodic review of risk posture

Security controls are proportionate to identified business and regulatory risks.

  1. DATA SECURITY CONTROLS

3.1 Encryption

In alignment with ISO 27001 cryptographic controls:

  • Data in transit is encrypted using TLS.
  • Sensitive data is encrypted at rest.
  • Secure key management practices are implemented.
  • Authentication tokens are securely generated and stored.

Payment information is tokenized by regulated third-party processors.

WhitePanther does not store full card numbers or CVV data.

Payments are processed by:

  • Razorpay Software Private Limited
  • PhonePe Private Limited

3.2 Data Minimization & Storage Model

WhitePanther applies data minimization principles:

  • Only necessary data is collected.
  • No unnecessary retention of third-party email or cloud file content.
  • Encrypted metadata references are used where required for workflow continuity.

Email content and cloud file contents remain within the respective provider accounts.

  1. ACCESS CONTROL MANAGEMENT

Aligned with ISO 27001 access control requirements:

  • Role-Based Access Control (RBAC) is enforced.
  • Least-privilege principles are applied.
  • Production access is restricted and monitored.
  • Administrative access is limited to authorized personnel.
  • Access rights are reviewed periodically.

Access to customer-related data requires legitimate business justification.

  1. INFRASTRUCTURE & CLOUD SECURITY

WhitePanther relies on secure infrastructure from established providers, including:

  • Google LLC (API integrations and cloud-based connectivity)

Security measures include:

  • Hardened deployment environments
  • Environment segregation (development, staging, production)
  • Secure configuration management
  • Continuous system monitoring

We comply with the Google API Services User Data Policy and use OAuth-based authentication for Gmail integrations with limited scoped permissions.

  1. APPLICATION SECURITY & SECURE DEVELOPMENT

WhitePanther follows a Secure Development Lifecycle (SDLC) that includes:

  • Code reviews
  • Dependency monitoring
  • Secure coding standards
  • Configuration hardening
  • Logging and audit trail implementation
  • Controlled release management

Security testing and vulnerability identification are incorporated into development workflows.

  1. PAYMENT SECURITY & RBI ALIGNMENT

WhitePanther integrates with regulated payment processors.

Security controls include:

  • Tokenized card processing
  • Secure API-based payment communication
  • No storage of CVV or full card numbers
  • Webhook-based transaction verification
  • Restricted financial access controls

Where permitted under regulatory frameworks, encrypted card references may be stored for subscription continuity in compliance with applicable RBI guidelines.

WhitePanther does not hold customer funds and does not function as a financial institution.

  1. EMAIL & API SECURITY

WhitePanther integrates with Gmail APIs provided by Google LLC.

Security measures include:

  • OAuth-based authentication
  • Scoped API permissions (minimum necessary access)
  • Secure token handling
  • Rate-limit compliance
  • No resale or advertising use of Gmail data

We do not store inbox content, historical emails, or attachments.

  1. BUSINESS CONTINUITY & BACKUP

In alignment with ISO 27001 business continuity principles:

  • Critical systems are designed for operational resilience.
  • Backup procedures are implemented for platform-managed data.
  • Recovery procedures are documented.
  • Service continuity is periodically reviewed.

Cloud-provider–hosted content (e.g., Google Drive files) remains governed by the provider’s backup mechanisms.

  1. MONITORING, LOGGING & INCIDENT RESPONSE

WhitePanther maintains documented incident management procedures, including:

  • Continuous monitoring of system activity
  • Logging of security-relevant events
  • Investigation protocols for suspicious behavior
  • Containment and remediation processes

If a confirmed data breach occurs:

  • Affected users will be notified as required by applicable law.
  • Remediation measures will be implemented promptly.
  1. SUB-PROCESSOR & THIRD-PARTY MANAGEMENT

We conduct due diligence before engaging sub-processors.

Key integration partners include:

  • Google LLC
  • Razorpay Software Private Limited
  • PhonePe Private Limited

Third parties are required to maintain appropriate contractual and security safeguards.

A sub-processor list is maintained for transparency.

  1. COMPLIANCE & PRIVACY ALIGNMENT

WhitePanther aligns its security framework with:

  • ISO/IEC 27001 principles
  • GDPR data protection principles (where applicable)
  • Google API Services User Data Policy
  • Applicable Indian data protection and financial regulations

We implement:

  • Data minimization
  • Purpose limitation
  • Secure processing
  • Defined retention policies
  1. CUSTOMER SECURITY RESPONSIBILITIES

Security is a shared responsibility.

Customers are responsible for:

  • Protecting account credentials
  • Managing administrator permissions
  • Using secure devices and networks
  • Ensuring lawful use of the platform
  • Managing cloud provider access controls
  1. CONTINUOUS IMPROVEMENT

WhitePanther continuously evaluates and enhances:

  • Infrastructure resilience
  • Security controls
  • Regulatory compliance posture
  • Emerging threat preparedness

Security practices evolve alongside regulatory and technological developments.

  1. SECURITY CONTACT

For security inquiries, vulnerability disclosure, or compliance questions:

customersupport@whitepanther.email

HOODS HUB PRIVATE LIMITED
Chennai, Tamil Nadu, India

 

Sign Up for Newsletter

About

WhitePanther™ empowers modern organizations with a unified, AI-powered operations system that connects communication, revenue, and workflows — delivering stronger operational control and financial visibility within a secure, compliance-ready environment.

Built and operated by HOODS HUB PRIVATE LIMITED.

Product

SECURITY

LEGAL

COMPLIANCE

PRIVACY & DATA

COMPANY

SOCIAL

Copyright @2025 WhitePanther. All Rights Reserved

ISO3
GDPR3