Security and Data Protection

01 Our commitment

Dynmark Technosoft handles confidential client information in every engagement. Protecting that information is a core professional obligation, and it is treated with the same seriousness as the quality of the work itself. The firm writes this page in plain language because a client who is about to share sensitive information is entitled to understand how that information will be handled without reading around technical jargon.

The measures described below are not an exhaustive technical standard. They are the practical controls that the firm runs every working day, the controls it deliberately does not run because they are disproportionate to the work, and the assumptions the firm makes about its clients. Where a specific client engagement requires additional controls, the firm is willing to agree and document those controls in writing as part of the statement of work.

02 Client information

Client information shared with the firm during an engagement is stored on devices that are encrypted at rest. Every working laptop and every mobile device used by the practice is configured with full disk encryption and a strong unlock secret. Devices automatically lock after a short period of inactivity. Lost or stolen devices are reported immediately and remotely wiped where the management platform supports that step.

Access to client information is limited to the members of the engagement team. Access is granted at the start of the engagement, reviewed midway through the engagement if the engagement runs longer than four weeks, and revoked on the day the engagement closes. The firm does not keep a standing access pool of staff who can read any client file at any time.

Client information is not shared with any third party without the client's written permission. The single exception is a legal obligation imposed on the firm by a competent authority, in which case the firm will comply with the obligation and, where it is lawful to do so, notify the client of the request.

At the end of an engagement, the working files are retained for the period required by professional and tax obligations under Indian law. At the end of that period the files are either archived in an encrypted form with access limited to the Proprietor, or destroyed at the client's request. The client may request destruction of copies held by the firm at any time after the retention obligation has lapsed.

03 Payment card data

Dynmark Technosoft does not store, process, or transmit payment card numbers on its own systems. This is a deliberate design choice. The firm has never held a database of card numbers, has never written software that reads card numbers, and has never accepted card numbers by email, telephone, or any other ad hoc channel.

All card payments are handled by an authorised payment gateway that is certified to the Payment Card Industry Data Security Standard, commonly referred to as PCI DSS. When an international client pays by card, the card details are entered directly into the gateway's secure interface, which is delivered to the client over an encrypted connection. The firm sees only the information the gateway returns to a merchant, which is typically the confirmation of payment, the last four digits of the card, the name on the card, the currency, and the transaction reference.

If a client is asked to provide a full card number by any person claiming to represent Dynmark Technosoft, the firm asks the client to refuse, to decline the request, and to write to info@dynmarkit.com immediately so the incident can be investigated.

04 Authentication and access control

Every account used by the practice is protected by a strong password and by a second authentication factor, either a hardware security key or an authenticator application. Shared passwords are not used. Passwords are stored in a reputable password manager with its own strong unlock secret.

Access to client engagement files is granted only to the members of the engagement team. Access is time bounded to the duration of the engagement and is removed on the day the engagement closes. A review of active access grants is run at the start of every calendar quarter.

05 Email and communication

Email between Dynmark Technosoft and its clients uses standard transport encryption. The firm does not use consumer email services for engagement correspondence. Where an engagement involves material that is particularly sensitive, the firm offers a secure file exchange as the default, and the tool used is agreed with the client in writing before any file is shared.

The firm will never request a password, a card number, or a one time code by email. Any email that appears to come from the firm and that makes such a request should be treated as suspicious and reported to info@dynmarkit.com for investigation.

06 Physical security

Working files, printed materials, and any physical artefacts created during an engagement are held in secure storage at the firm's office at 3rd Floor, Plot K 19, Behind K.C. Memorial Hospital, Durga Das Path, Malviya Marg, C Scheme, Jaipur, Rajasthan 302001, India. Printed client material is shredded at the end of the retention period unless the client has requested the return of the originals.

07 Backups and continuity

Working files are backed up to encrypted cloud storage on a regular cadence, so that a lost or damaged device does not cause a loss of client work. The backup is itself access controlled, is restricted to the engagement team, and is reviewed on the same schedule as the access control list.

In the event that the firm is unable to access its systems for a prolonged period, the Proprietor notifies affected clients, sets a revised timeline, and keeps clients informed until the situation is resolved.

08 Incident response

In the event of a suspected security incident involving client information, the affected client is notified promptly, the incident is investigated by the Proprietor, and the client is kept informed of the steps being taken. The firm's working definition of a security incident includes the loss or theft of a device that held client information, a suspected unauthorised access to a client engagement folder, a misdirected email carrying client information, and any credible report of a breach at a third party provider that holds client information on behalf of the firm.

The responsible mailbox for reporting a security concern is info@dynmarkit.com. Reports received at this address are read by the Proprietor and are acknowledged within one business day. Clients may also call the firm on +91 7023139797 during office hours.

09 Review cadence

This page is reviewed on the first business day of every calendar year and at any point during the year where the firm makes a change to the controls described above. The current version of the page reflects the controls in place at the time of the most recent review. The next scheduled review date is printed on the first business day of the following year.