Effective Date: 01/11/2025
Company: Moondria Technologies
1st Floor, Citi Mall, Andheri West, Mumbai – India
Email: contact@moondria.com

This document forms part of the Master Services Agreement (MSA) and applies to all enterprise-level service engagements.


🔐 SECTION 1: ISO-STYLE INFORMATION SECURITY POLICY

Moondria Technologies commits to maintaining an information security management approach aligned with the principles of internationally recognized standards such as ISO/IEC 27001. This is a statement of alignment, not a claim of certification.

1.1 Security Objectives

  • Protect confidentiality, integrity, and availability of data
  • Prevent unauthorized access
  • Maintain business continuity
  • Ensure regulatory compliance

1.2 Access Control

  • Role-Based Access Control (RBAC)
  • Least privilege enforcement
  • Multi-factor authentication (where applicable)
  • Secure credential management

1.3 Data Protection

  • Encryption in transit (TLS/HTTPS)
  • Encrypted backups where applicable
  • Secure storage configurations
  • Access logging & monitoring

1.4 Secure Development Lifecycle (SDLC)

  • Secure coding practices
  • Code reviews
  • Vulnerability testing
  • Patch management procedures

📊 SECTION 2: ENTERPRISE SERVICE LEVEL AGREEMENT (SLA)

2.1 Uptime Commitment

For managed hosting environments:

  • 99.5% uptime (Standard Plan)
  • 99.9% uptime (Enterprise Plan)

Measured monthly, excluding:

  • Scheduled maintenance
  • Force majeure events
  • Third-party provider outages

2.2 Incident Response Time

Response times are measured from receipt of the client's report and mean acknowledgement and start of work by Moondria; they are not resolution times, which depend on the nature of the issue.

  • Critical Issue: Response within 4 hours
  • High Priority: Response within 8 hours
  • Medium Priority: Response within 24 hours

2.3 Maintenance Windows

Scheduled maintenance will be communicated in advance where possible.


🌍 SECTION 3: GDPR DATA PROCESSING ADDENDUM (DPA)

Where applicable under the EU GDPR or the UK GDPR:

3.1 Data Processing Role

  • Client acts as Data Controller
  • Moondria acts as Data Processor

3.2 Processing Scope

Data processed only:

  • For agreed contractual purposes
  • Under documented client instructions

3.3 Data Subject Rights

Moondria will assist client in responding to:

  • Access requests
  • Data correction
  • Erasure requests
  • Data portability

3.4 Cross-Border Transfers

Personal data transferred outside the EU/EEA or the UK will be transferred only under appropriate safeguards recognized by GDPR Chapter V (for example Standard Contractual Clauses or the UK International Data Transfer Agreement/Addendum).


🛒 SECTION 4: PCI-DSS ANNEX (E-COMMERCE)

For e-commerce systems handling card payments:

4.1 Payment Processing

  • Card data is captured by and handled through PCI DSS compliant third-party payment gateways
  • No raw card data (full PAN, CVV/CVC, magnetic-stripe or chip data) is stored on Moondria systems; sensitive authentication data is never retained after authorization

4.2 Secure Checkout Implementation

  • TLS (HTTPS) mandatory on all checkout pages; SSL and early TLS versions, which PCI DSS no longer permits, are not used
  • Secure, authenticated API integration with the payment gateway
  • Tokenization where supported by the gateway, so that only gateway-issued tokens rather than card numbers are retained

4.3 Merchant Responsibility

Client is responsible for maintaining PCI compliance at merchant level.


🧠 SECTION 5: AI RISK & COMPLIANCE ANNEX

For AI-integrated systems:

5.1 Responsible AI Principles

  • Transparency
  • Fairness
  • Accountability
  • Security

5.2 Risk Mitigation

  • Human oversight mechanisms
  • Bias evaluation procedures
  • Data quality validation
  • Secure AI model deployment

5.3 Client Responsibilities

Client must ensure lawful data usage for AI training and deployment.


⚖ LIMITATION OF LIABILITY

Moondria Technologies’ total liability under this framework shall not exceed the total contract value paid under the governing agreement.

Moondria is not responsible for:

  • Third-party infrastructure failures
  • Regulatory non-compliance outside agreed scope
  • Client misconfiguration or negligence

🌙 ENTERPRISE COMMITMENT

Moondria Technologies integrates security, compliance, uptime reliability, and responsible AI governance into every enterprise system we design.

This framework is intended to support secure, scalable, and compliant digital infrastructure across the jurisdictions in which the client operates.