AskFitness

Trust Center

Procurement-ready security, audited annually.

Everything your security, legal, and procurement teams need — bundled, downloadable, and current. We're audited every year by a Big-4 firm and pen-tested every quarter.

Indian regulatory & data

DPDP Act 2023

Digital Personal Data Protection · audited; consent + erasure + breach notice

IT Act 2000 + IT Rules 2021

Intermediary obligations, takedown SLAs, grievance officer

RBI tokenization

Card-on-file PCI-tokenized via Stripe / Razorpay

Aadhaar e-KYC

UIDAI-compliant member onboarding (where applicable)

TRAI DLT

SMS sender ID + template registration on all 4 telcos

Data localisation (Mumbai)

AWS ap-south-1 · India-resident data, Multi-AZ

Indian tax & finance

GST e-invoicing (IRN)

Auto-IRN registration via GSTN for B2B invoices > ₹5 Cr

GSTR-1 / 3B / 9 filing

AskBooks files monthly + annual returns automatically

TDS 194J / 194H

Auto-deduction on trainer commissions; Form 26Q ready

HSN code library

9985 / 998314 / 9993 mapped per service line

Companies Act 2013

Statutory audit trail · period locks · auditor mode

PMLA KYC

KYC retention + record-keeping under the Prevention of Money Laundering Act

Indian healthcare (clinic)

NABH digital records

Timestamped, signed, immutable SOAP note audit trail

ABDM / NDHM / ABHA

Health Locker push, HIE-CM, consent-based PHR

MCI / NMC Rx format

Practitioner registration, generic name, dosage compliance

AYUSH guidelines

AYUSH-format Rx for ayurveda, yoga, naturopathy practitioners

Clinical Establishments Act 2010

Registration support, KPI dashboards

CDSCO pharmacy traceability

Schedule-H drugs, batch tracking (where licensed)

Workplace & employment

POSH Act 2013

Internal Complaints Committee workflow, anonymous reporting

Shops & Establishments Act

Per-state registration tracking + roster compliance

EPFO + ESIC

Provident Fund + ESI deductions in AskBooks payroll

Form 16 / 16A

Auto-generated for staff & PT trainers

Global standards

SOC 2 Type II

Audited annually by Big-4 firm

ISO/IEC 27001:2022

Information security management certified

HIPAA-ready

BAA available for clinics + international NRI customers

GDPR

For EU members and international NRIs

PCI-DSS Level 1

Card processing via certified PG partners

How we protect your data

Encryption everywhere

  • AES-256 at rest, TLS 1.3 in transit
  • Tenant-isolated database schemas
  • Bring-your-own-KMS available on Enterprise
  • Field-level encryption for PII (Aadhaar, PAN)

Access controls

  • SSO via SAML 2.0 + OIDC
  • Multi-factor auth required for admin roles
  • IP allow-listing for Enterprise
  • Granular RBAC down to per-location, per-feature

Monitoring & response

  • 24×7 SIEM with on-call rotation
  • < 15 min alert-to-acknowledge SLA
  • Quarterly external pen-tests
  • Bug-bounty programme via HackerOne

Resilience

  • Mumbai (ap-south-1) primary, multi-AZ
  • 99.99% uptime SLA on Enterprise
  • Daily backups, 35-day retention, point-in-time recovery
  • DR drills quarterly · 4 hr RTO, 15 min RPO

Documents your team will ask for

Most are downloadable directly. The SOC 2 report & pen-test detail are gated by a quick NDA — email compliance@askfitness.in.

Data Processing Addendum (DPA)

PDF · 14 pages · DPDP-aligned

Security whitepaper

PDF · 28 pages

Vendor security questionnaire (CAIQ-Lite, pre-filled)

XLSX · ready to attach

Latest pen-test summary

PDF · executive summary, redacted

SOC 2 report

NDA required · contact compliance@askfitness.in