Security Philosophy
Safe4U is designed around least-privilege finance protection. The platform should perform the device locking functions required for EMI protection without providing access to personal customer content.
Security decisions are guided by data minimization, consent-based activation, role-based access, and clear customer-facing workflows.
- Collect only what is necessary for enrollment and finance protection.
- Limit access to authorized business users.
- Avoid personal content visibility by design.
- Support transparent lock and resolution workflows.
Access Controls
Safe4U business access should be limited to authorized retailers, finance partners, and administrators who need access for legitimate finance protection tasks.
Partner organizations are responsible for staff onboarding, credential safety, role assignment, and prompt removal of access when staff roles change.
- Use strong passwords and protected accounts.
- Restrict dashboard access to authorized users.
- Review access periodically.
- Train staff on privacy and legal usage responsibilities.
Data Minimization
Safe4U does not require access to private customer files, gallery, messages, banking data, passwords, or private app content to operate finance protection features.
Enrollment data should be limited to customer details, customer photo, signature, agreement acceptance, device identifiers, and finance workflow information required for lawful operation.
- No gallery or private media access.
- No message or private communication access.
- No banking or payment app data access.
- No password or OTP access.
- No spying or surveillance tools.
Lock Screen Security
The Safe4U lock screen is intended to communicate device finance protection status and resolution steps. It should not expose sensitive customer data to unauthorized viewers.
Essential features such as calls and SMS may remain available depending on configuration, customer agreement, and business policy.
- Clear status messaging.
- Payment or retailer contact guidance.
- Essential communication availability where configured.
- No display of private files or personal content.
Website Security
This PHP website uses sanitized output, a CSRF token on the contact form, security headers through Apache configuration, and a lightweight static asset model suitable for shared hosting.
Hosting administrators should keep PHP updated, enable HTTPS, protect cPanel credentials, and use server backups.
- Use HTTPS with a valid TLS (SSL) certificate.
- Keep PHP and hosting software updated.
- Protect cPanel and FTP/SFTP credentials.
- Restrict file permissions according to hosting guidance.
- Review form delivery and mail configuration.
Responsible Disclosure
If you believe you have found a security issue related to Safe4U, report it responsibly to info@safe4u.in with a clear description, the affected area, reproduction steps, and the potential impact.
Do not access, modify, delete, or disclose customer information. Do not perform disruptive testing against production systems.
- Report suspected issues privately.
- Avoid data access or service disruption.
- Include enough detail for verification.
- Allow reasonable time for investigation and remediation.
Contact
For questions about this policy or Safe4U business usage, contact us at info@safe4u.in.