Document 18 · Internal

Incident Response Policy

Version 1.0 · Effective 13 July 2026 · Governing law: India

How we detect, contain, recover from and notify on security incidents.

1. Purpose

This policy governs how Upplio AI detects, responds to, and recovers from security and privacy incidents affecting the Service or Personal Data.

2. Definitions

Security Incident: a confirmed or suspected event that compromises the confidentiality, integrity or availability of the Service or Personal Data.

Personal Data Breach: a Security Incident leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to Personal Data.

3. Roles and Responsibilities

The Proprietor (Neetu Yadav) is the Incident Response Lead. Contractors and vendors must report suspected incidents immediately to customerservice@upplioai.com.

4. Response Phases

  • Detect: monitor logs, alerts and reports from users and researchers.
  • Triage: classify severity (Low, Medium, High, Critical) and scope.
  • Contain: isolate affected systems, revoke compromised credentials, block malicious traffic.
  • Eradicate: remove the root cause (patch, rotate keys, remove malware).
  • Recover: restore services, verify integrity, monitor for recurrence.
  • Post-incident review: document timeline, root cause, corrective actions.

5. Notification

Affected users and, where applicable, the Data Protection Board of India and enterprise customers, will be notified without undue delay and in accordance with the DPDP Act, the Terms and any DPA. For enterprise customers, notification within seventy-two (72) hours of confirmed impact.

6. Recovery and Continuity

Recovery relies on managed cloud infrastructure with automated backups and regional resilience. RPO/RTO objectives are periodically reviewed.

7. Records

Records of incidents, response actions and lessons learned are maintained for at least three (3) years, or longer where required by law.

Amendments

Upplio AI may amend this document from time to time. Material changes will be notified by email or in-app notice at least fourteen (14) days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the amended terms.

Version

Version: 1.0

Effective: 13 July 2026

Owner: Neetu Yadav, Proprietor, Upplio AI

Contact: customerservice@upplioai.com

Contact

Upplio AI (a sole proprietorship of Neetu Yadav)

Bengaluru, Karnataka, India

Email: customerservice@upplioai.com · Website: https://upplio.ai