Built by VB Group • over a decade of EHS expertise
Drona VR
Request a Demo
Home / Trust / Security
Trust · Security

Security & Trust

Drona VR is built for elite manufacturing. Every plant we work with operates under regulator-level security expectations — DPDP, GDPR, OISD, ADNOC HSE, Aramco SAES. Our security posture is calibrated to those expectations.

Last updated: [pending CISO review] Vulnerability disclosure: security@dronavr.com
01 / Data protection

Encryption at rest and in transit

TLS 1.2 minimum on all customer-facing surfaces, TLS 1.3 where supported. AES-256 for data at rest in customer-tenanted databases.

02 / Access control

Least privilege, MFA, audit trail

Role-based access. Multi-factor authentication for all employee accounts. Privileged-action audit log retained 12 months minimum.

03 / Hosting and isolation

AWS regions India and US, customer-isolated tenants

Customer data stored in the geographic region requested by the customer (India / US / EU). Tenant isolation at infrastructure layer.

04 / Network defence

WAF, DDoS, rate-limiting, bot management

Cloudflare WAF. AWS Shield. Rate-limiting on all public endpoints. Bot fingerprinting for non-search traffic.

05 / Change management

Code review, automated testing, deployment controls

All production changes reviewed and merged through a documented pipeline. Automated security scans on every release. Staged deployment with rollback.

06 / People security

Background checks, NDA, training

All staff sign NDAs and undergo background verification. Annual security and privacy training. Documented offboarding procedure.

07 / Vendor risk

Third-party assessment + DPA

All sub-processors assessed for security and privacy posture. Data Processing Addendums in place with each. Annual review.

08 / Vulnerability and incident

Disclosure programme + response runbook

Coordinated disclosure programme via security@dronavr.com. Documented incident response runbook. Regulatory notification within statutory timelines.

09 / Continuity

Backups, DR, business continuity

Daily backups with offsite copies. Documented disaster-recovery procedure. Annual continuity test for critical paths.

Certifications and standards

Drona VR aligns with industry-recognised security and privacy standards. Specific certifications held by Drona VR or VB Engineering India Pvt Ltd are listed below. Customers may request copies of audit reports under NDA.

ISO 27001
Information security
SOC 2 Type II
Trust services criteria
DPDP Act 2023
India compliance
GDPR / UK GDPR
EU / UK compliance

* Certifications shown are templates pending CISO confirmation. Remove or replace any item not currently held before publishing this page. Stating a certification not actually held is itself a regulatory and reputational risk.

Vulnerability disclosure

If you believe you have discovered a security vulnerability in any Drona VR system or in dronavr.com, please report it to security@dronavr.com. We aim to acknowledge reports within 2 business days.

Responsible disclosure principles apply:

  • Provide a clear description of the issue and reproduction steps
  • Allow us reasonable time to investigate and remediate before public disclosure
  • Do not exploit the vulnerability beyond the minimum necessary to demonstrate it
  • Do not access data not belonging to you

Researchers acting in good faith and within the scope above will not be the subject of legal action by Drona VR.

Incident response

In the event of a security incident affecting personal data, Drona VR will:

  • Initiate the documented incident response runbook within 1 hour of confirmed detection
  • Notify affected customers in line with contractual obligations (typically within 72 hours of confirmation)
  • Notify regulators within statutory timelines — Data Protection Board of India under DPDP, supervisory authorities under GDPR Article 33, and equivalent regimes
  • Provide a post-incident report covering root cause, impact, remediation and preventive measures

Customer security obligations

Security is a shared responsibility. Customers using the Drona VR platform are responsible for:

  • Safeguarding their own login credentials and access controls
  • Implementing appropriate role-based permissions for their team
  • Reporting suspected unauthorised access promptly to security@dronavr.com
  • Handling personal data they upload to the platform in accordance with applicable law

Sub-processors

A current list of Drona VR sub-processors and the data processed by each is available to customers on request. Material changes are communicated to customers in line with the applicable Data Processing Addendum.

Contact

Security incidents and vulnerability reports: security@dronavr.com
General security and trust questions: info@dronavr.com
Postal: VB Engineering India Pvt Ltd, Hyderabad, Telangana, India