Hitech i2i – Data Security & AI Governance Policy

1. Our Commitment to Data Security

Hitech i2i is designed to securely process highly sensitive real estate, title, mortgage, and legal documents. We are committed to protecting the confidentiality, integrity, and availability of customer data. Our security program is built on strong safeguards, and responsible use of AI and alignment with globally recognized standards to ensure trust, compliance, and resilience.

2. Scope – Data We Protect

Hitech i2i may process property deeds, mortgages, liens, title documents, owner and buyer information, parcel/APN identifiers, legal descriptions, and customer-owned proprietary datasets. All customer data is treated as confidential and restricted by default.

3. Standards & Compliance Alignment

Our security and privacy program is aligned with leading frameworks and regulations, including:

• ISO/IEC 27001: Information Security Management System (ISMS)
• ISO/IEC 27701: Privacy Information Management System (PIMS)
• GDPR and applicable data protection laws (including India DPDP Act, where applicable)
• NIST Cybersecurity Framework

4. How We Secure Your Data

Access Controls:

• Role-based access control (RBAC) and least privilege access
• Multi-factor authentication (MFA) for privileged and production access

Encryption:

• Data encrypted in transit using TLS 1.2+
• Data encrypted at rest using industry-standard encryption

Secure by Design:

• Secure Software Development Lifecycle (SSDLC)
• Vulnerability management and penetration testing
• Security built into cloud, application, and endpoint architecture

Monitoring & Incident Management:

• Centralized logging, monitoring, and alerting
• Defined incident response and breach notification process
• Regular security reviews and audits

Business Continuity:

• Backup, disaster recovery, and business continuity planning
• Tested recovery procedures to ensure service availability

5. Privacy & Data Protection

• Personal data is processed lawfully, fairly, and transparently
• Data is collected only for legitimate business purposes
• Data retention and deletion follow defined policies and regulatory requirements
• Data subject rights are respected under applicable privacy laws

6. OCR, Redaction, and AI Processing

OCR converts scanned documents into text and does not interpret, learn from, or retain data.

Redaction is applied after OCR and before any AI or LLM-based processing. Pre-OCR redaction is supported when required by contract, third-party OCR usage, or document sensitivity.

7. AI & Responsible Data Usage

• Customer data is not used to train shared or public AI models without explicit written consent
• Sensitive workloads are protected using secure, compliant AI and processing environments
• Redaction and data minimization are applied where required to reduce exposure

8. Third-Party & Supply Chain Security

• Vendors undergo security due diligence and contractual safeguards
• Access to customer data is restricted, monitored, and reviewed regularly

9. Compliance & Assurance

• Regular internal and external audits validate the effectiveness of our controls
• Employees and contractors receive mandatory security and privacy training
• Compliance is governed through formal GRC processes

10. Transparency & Customer Trust

Customers may request additional security information through questionnaires, audits, or contractual reviews.