Security Overview
Effective Date: 01th April 2025
Last Updated: 29th June 2026
Company Legal Name: Treewalker Digital Private Limited
Product: Galla.app
Website: https://galla.app
Registered Office: Vikas Plaza.38/ 1A (4), Kanappana Agrahara, Hosur Rd, Phase II, Electronic City, Bengaluru, Karnataka 560100
Support Email: support@treewalkerlabs.com
Legal Email: legal@treewalkerlabs.com
CIN: U72900KA2021PTC153840
GSTIN: 29AAICT9733E1ZXs
This Security Overview explains the security practices, controls, safeguards, responsibilities, and limitations applicable to Galla.app and related services provided by Treewalker Digital Private Limited.
Galla.app is a SaaS platform for retail management, POS billing, warehouse management, inventory management, WhatsApp marketing, ecommerce development, third-party integrations, APIs, dashboards, reports, automation, and related business operations.
At Galla.app, security is an important part of how we design, build, operate, and support our platform. Our goal is to protect customer data, business records, billing data, warehouse data, inventory data, ecommerce data, WhatsApp communication data, user access, integrations, and platform infrastructure through reasonable technical and organisational safeguards.
This Security Overview should be read together with our Terms of Service, Privacy Policy, Cookie Policy, Data Processing Addendum, Subprocessor List, Acceptable Use Policy, WhatsApp Marketing Policy, Refund and Billing Policy, SLA and Support Policy, Data Retention and Deletion Policy, Responsible Disclosure Policy, and Incident Response Policy.
1. Purpose of this Security Overview
The purpose of this document is to provide customers, partners, vendors, enterprise buyers, auditors, and website visitors with a clear overview of Galla.app’s security approach.
This document explains:
- Our security governance approach.
- How we protect customer data.
- How we manage access control.
- How we secure SaaS applications.
- How we secure infrastructure and hosting.
- How we handle backups and continuity.
- How we manage vulnerabilities.
- How we manage incidents.
- How we protect integrations and APIs.
- How we support hardware security.
- What customers are responsible for.
- What security-related limitations apply.
This document is a public security summary. Detailed internal security procedures, infrastructure diagrams, audit reports, penetration test reports, and technical control documents may be shared with eligible enterprise customers under NDA, where available and applicable.
2. Security Commitment
Treewalker Digital Private Limited is committed to maintaining reasonable and appropriate security controls for Galla.app.
Our security objectives are to:
- Protect customer data from unauthorised access.
- Protect the confidentiality, integrity, and availability of the platform.
- Reduce risk of data loss, misuse, fraud, abuse, and unauthorised changes.
- Maintain secure software development practices.
- Monitor and respond to security issues.
- Support customers in using the platform securely.
- Maintain reasonable safeguards for SaaS, hardware, APIs, integrations, and support operations.
- Continuously improve security practices based on business, technology, regulatory, and customer requirements.
3. Security Scope
This Security Overview applies to:
- Galla.app SaaS platform.
- Retail Management module.
- POS Billing module.
- Warehouse Management System module.
- Inventory Management module.
- WhatsApp Marketing module.
- Ecommerce Development and Managed Ecommerce Services.
- Third-party integrations.
- APIs and webhooks.
- Dashboards and reports.
- Customer support and implementation services.
- Cloud infrastructure used for Galla.app.
- Application security processes.
- Data protection controls.
- Hardware support processes where hardware is supplied by or through Treewalker Digital Private Limited.
4. Security Governance
Treewalker Digital Private Limited aims to follow a risk-based approach to information security.
Security governance may include:
- Security ownership and accountability.
- Internal security policies and procedures.
- Employee confidentiality obligations.
- Access control reviews.
- Vendor and subprocessor reviews.
- Incident response process.
- Secure development practices.
- Backup and recovery procedures.
- Vulnerability management.
- Security awareness and training.
- Periodic review of technical controls.
- Customer-facing security documentation.
Where applicable, our security programme may be aligned with recognised security practices such as ISO 27001-style information security management, OWASP application security practices, secure software development, and Indian cybersecurity requirements.
Galla.app should not be considered ISO 27001 certified, SOC 2 compliant, or independently certified unless such certification or audit report is expressly published or shared by Treewalker Digital Private Limited.
5. Customer Data Protection
Galla.app processes customer data required for retail, billing, warehouse, inventory, ecommerce, WhatsApp marketing, integrations, and business operations.
Customer data may include:
- Business account information.
- User information.
- Product data.
- Customer records.
- Vendor records.
- Employee/user records.
- POS billing records.
- Invoice details.
- Payment status.
- Inventory records.
- Warehouse movement data.
- Barcode, QR code, RFID, batch, or serial number data.
- Ecommerce order data.
- WhatsApp campaign and communication data.
- API logs.
- Integration logs.
- Support tickets.
- Attachments and troubleshooting data.
We use reasonable technical and organisational safeguards to protect customer data from unauthorised access, misuse, loss, alteration, or disclosure.
6. Data Ownership
As between the customer and Treewalker Digital Private Limited, the customer owns its Customer Data.
Treewalker Digital Private Limited processes Customer Data only to:
- Provide Galla.app services.
- Operate subscribed modules.
- Host and store data.
- Support customer workflows.
- Provide implementation, onboarding, training, and support.
- Enable authorised integrations.
- Secure the platform.
- Troubleshoot issues.
- Maintain backups.
- Comply with legal, tax, audit, security, or contractual obligations.
- Improve platform reliability and performance.
We do not sell Customer Data.
7. Access Control
Access control is one of the most important parts of Galla.app security.
Galla.app may support role-based access controls depending on the subscribed module and configuration.
Access controls may include:
- Admin users.
- Role-based permissions.
- Store-level access.
- Warehouse-level access.
- Company-level access.
- User-level restrictions.
- Module-level permissions.
- Report access restrictions.
- Data export permissions.
- Integration access control.
- API key control.
- Activity logs, where available.
Customers are responsible for configuring user access properly.
8. Customer User Management
Customers are responsible for managing users inside their Galla.app account.
Customers should:
- Create only authorised users.
- Assign minimum required access.
- Avoid shared accounts.
- Avoid shared admin passwords.
- Remove users who leave the organisation.
- Remove users who no longer need access.
- Review active users periodically.
- Restrict admin access.
- Protect login credentials.
- Enable multi-factor authentication where available.
- Protect API keys and integration tokens.
- Report suspicious activity immediately.
Treewalker Digital Private Limited is not responsible for unauthorised access caused by customer-side weak passwords, credential sharing, compromised devices, inactive users, exposed API keys, or internal misuse.
9. Authentication and Password Security
Galla.app may use authentication controls to help protect account access.
Authentication practices may include:
- Unique user accounts.
- Password-based login.
- Session management.
- Password reset process.
- User access controls.
- Account activity tracking.
- Admin-controlled user management.
- Multi-factor authentication, where available.
- Login security monitoring, where available.
Customers should ensure that all users use strong passwords and do not reuse passwords across multiple services.
Recommended customer password practices:
- Use strong and unique passwords.
- Do not share passwords.
- Do not send passwords over email, WhatsApp, or chat.
- Change passwords when compromise is suspected.
- Remove inactive users.
- Use password managers where possible.
- Enable MFA where available.
- Immediately report unauthorised access.
10. Administrative Access
Treewalker Digital Private Limited may require limited administrative access to customer accounts for support, implementation, troubleshooting, security investigation, migration, or maintenance.
Administrative access is intended to be:
- Limited to authorised personnel.
- Used only for legitimate business purposes.
- Subject to internal confidentiality obligations.
- Used for support, implementation, troubleshooting, security, or service delivery.
- Restricted based on role and need.
- Logged or monitored where available and appropriate.
Customers should avoid sharing unnecessary sensitive data or passwords during support.
If temporary credentials are shared with support teams, the customer should rotate or revoke such credentials after support completion.
11. Application Security
Galla.app is designed and maintained with application security practices appropriate for a SaaS platform.
Application security measures may include:
- Secure coding practices.
- Code review, where applicable.
- Input validation.
- Authentication controls.
- Authorisation controls.
- Session management.
- Protection against common web application attacks.
- Error handling.
- Logging and monitoring.
- Vulnerability management.
- Security testing.
- Secure API design.
- Secure integration handling.
- Controlled deployment process.
- Change management.
We aim to consider common security risks such as injection, broken access control, authentication weaknesses, sensitive data exposure, security misconfiguration, vulnerable dependencies, logging gaps, and API abuse.
12. API and Webhook Security
Galla.app may provide APIs, webhooks, integration credentials, or developer tools.
API security practices may include:
- API authentication.
- API keys or tokens.
- Access control for API usage.
- Rate limits where applicable.
- Logging of API activity.
- Secure transmission.
- Key rotation where required.
- Restriction of exposed credentials.
- Monitoring of abnormal usage.
- Revocation of compromised keys.
Customers using APIs must:
- Keep API keys confidential.
- Never expose API keys in public repositories.
- Never share access tokens with unauthorised persons.
- Use APIs only for authorised business purposes.
- Follow applicable rate limits.
- Validate data before relying on it.
- Secure connected systems.
- Report exposed keys immediately.
- Remove unused API credentials.
- Avoid using APIs for scraping, spam, fraud, or unauthorised automation.
13. Data Transmission Security
Galla.app uses reasonable safeguards to protect data transmitted between users and the platform.
Data transmission security may include:
- HTTPS/TLS encryption for web access.
- Secure API communication.
- Secure connection to third-party services where supported.
- Restricted access to production systems.
- Protection against unauthorised interception where feasible.
- Secure communication for support channels where available.
Customers should access Galla.app only through secure networks and updated browsers.
Customers should avoid using public or insecure Wi-Fi for admin access, billing data, warehouse data, customer records, or sensitive operations.
14. Data Storage Security
Galla.app uses cloud-based infrastructure and storage systems to support SaaS operations.
Data storage safeguards may include:
- Access-controlled databases.
- Restricted infrastructure access.
- Logical separation of customer accounts.
- Secure backup processes.
- Limited access by authorised personnel.
- Monitoring and logging, where available.
- Infrastructure security controls provided by cloud vendors.
- Storage security based on platform architecture.
Customers with specific data residency, encryption, or compliance requirements should contact Treewalker Digital Private Limited before deployment.
15. Cloud Infrastructure Security
Galla.app may be hosted on cloud infrastructure provided by trusted cloud service providers.
Cloud security controls may include:
- Network security controls.
- Server access restrictions.
- Infrastructure monitoring.
- Backup storage.
- Cloud provider security controls.
- Controlled administrative access.
- Security group or firewall configuration.
- Logging and monitoring.
- Deployment controls.
- Periodic review of infrastructure settings.
Treewalker Digital Private Limited relies on cloud providers for certain physical, environmental, network, and infrastructure-level security controls.
A current Subprocessor List should identify the cloud and infrastructure providers used by Galla.app.
16. Network and Environment Security
Treewalker Digital Private Limited may use controls to protect production systems and development environments.
These may include:
- Restricted access to production systems.
- Separation of environments where feasible.
- Controlled deployment process.
- Firewall and network restrictions.
- Secure configuration.
- Monitoring for suspicious activity.
- Limited use of production data in non-production environments.
- Access review for technical personnel.
- Protection of secrets, keys, and credentials.
- Review of infrastructure changes.
17. Secure Software Development
Galla.app aims to follow secure software development practices.
These may include:
- Security consideration during design.
- Secure coding practices.
- Code review.
- Testing before release.
- Bug tracking.
- Vulnerability remediation.
- Controlled release process.
- Dependency review.
- Security review of high-risk changes.
- Rollback planning where feasible.
- Access-controlled development tools.
- Protection of source code repositories.
Security is treated as part of software quality, not only as a post-release activity.
18. Change Management
Changes to Galla.app may include product updates, bug fixes, infrastructure changes, feature releases, security patches, configuration changes, and integration updates.
Change management may include:
- Requirement review.
- Development review.
- Testing.
- Approval process.
- Deployment planning.
- Release notes where applicable.
- Monitoring after release.
- Rollback where feasible.
- Customer notification for material changes.
- Emergency change process for urgent issues.
Emergency changes may be made without prior notice when required for security, stability, legal compliance, or urgent issue resolution.
19. Vulnerability Management
Treewalker Digital Private Limited aims to identify, assess, prioritise, and remediate vulnerabilities in a reasonable and timely manner.
Vulnerability management may include:
- Internal testing.
- Dependency monitoring.
- Security review.
- Vulnerability scanning, where available.
- External penetration testing or VAPT, where conducted.
- Risk-based prioritisation.
- Patch management.
- Remediation tracking.
- Customer notification where a vulnerability materially affects customer data or service security.
- Responsible disclosure process.
Critical vulnerabilities are prioritised based on risk, exploitability, customer impact, and availability of mitigation.
20. Penetration Testing and VAPT
Treewalker Digital Private Limited may conduct vulnerability assessment and penetration testing for Galla.app periodically or as required by enterprise customers.
Where available, VAPT summaries or certificates may be shared with eligible enterprise customers under NDA.
Detailed VAPT reports may contain sensitive security information and may not be published publicly.
Customers should not perform penetration testing, vulnerability scanning, automated scanning, load testing, or security testing on Galla.app without prior written permission.
Security researchers should follow the Responsible Disclosure Policy.
21. Monitoring and Logging
Galla.app may use monitoring and logging to support security, reliability, troubleshooting, and platform operations.
Monitoring and logs may include:
- Login activity.
- User activity.
- API usage.
- Application errors.
- System performance.
- Integration events.
- Security events.
- Administrative actions.
- Support investigation logs.
- Infrastructure logs.
- Message delivery logs, where applicable.
- Warehouse or POS activity logs, where available.
Logs may be retained for security, troubleshooting, compliance, fraud prevention, audit, or business continuity purposes.
Customers are responsible for reviewing their own user activity and internal misuse where relevant.
22. Backup and Recovery
Galla.app may maintain backups to support data protection, service continuity, and recovery from certain incidents.
Backup practices may include:
- Periodic backup of production systems.
- Backup storage in secure environments.
- Controlled access to backups.
- Backup retention based on internal policy.
- Recovery testing where feasible.
- Restoration process for operational incidents.
- Backup deletion or overwrite based on retention cycles.
- Backups are intended for platform recovery and business continuity. They are not a substitute for customer-controlled exports or legal recordkeeping.
Customers should regularly export and retain business-critical data required for accounting, tax, legal, audit, statutory, or internal purposes.
23. Disaster Recovery and Business Continuity
Treewalker Digital Private Limited aims to maintain reasonable disaster recovery and continuity practices for Galla.app.
These may include:
- Cloud-based infrastructure.
- Backup processes.
- Incident escalation.
- Emergency maintenance procedures.
- Recovery planning.
- Service monitoring.
- Vendor dependency review.
- Communication process for major incidents.
- Prioritisation of critical services.
- Restoration planning.
Recovery time may depend on the nature of the incident, affected systems, third-party provider availability, data volume, and technical complexity.
24.Incident Response
Treewalker Digital Private Limited maintains an incident response approach for security events and service incidents.
Incident response may include:
- Detection.
- Triage.
- Investigation.
- Containment.
- Impact assessment.
- Remediation.
- Customer notification where required.
- Root cause analysis where appropriate.
- Preventive actions.
- Documentation and closure.
If a confirmed security incident affects Customer Personal Data, we will take reasonable steps to notify affected customers in accordance with applicable law, agreement, and our Incident Response Policy.
Incident notification does not constitute admission of fault or liability.
25. Responsible Disclosure
Treewalker Digital Private Limited encourages responsible reporting of security vulnerabilities.
Security researchers, customers, and users should report suspected vulnerabilities to:
Support Email: support@treewalkerlabs.com
Reports should include:
- Description of vulnerability.
- Steps to reproduce.
- Affected URL or feature.
- Screenshots or proof-of-concept, if safe.
- Impact assessment.
- Reporter contact details.
Researchers must not:
- Access or modify customer data.
- Disrupt services.
- Perform denial-of-service testing.
- Use automated high-volume scanning without permission.
- Exfiltrate data.
- Publicly disclose vulnerabilities before remediation.
- Social engineer employees or customers.
- Test physical security.
- Test third-party services not owned by Treewalker Digital Private Limited.
Reports will be reviewed based on severity, exploitability, and impact.
26. Employee and Contractor Security
Treewalker Digital Private Limited may apply security practices for employees, contractors, and authorised personnel.
These may include:
- Confidentiality obligations.
- Access control based on job role.
- Limited access to customer data.
- Security awareness.
- Review of access rights.
- Revocation of access after role change or exit.
- Internal policies for data handling.
- Protection of credentials.
- Use of approved tools.
- Support access controls.
Personnel are expected to access customer data only for legitimate business purposes.
27. Vendor and Subprocessor Security
Galla.app may use third-party providers and subprocessors for cloud hosting, messaging, email, support, analytics, payment processing, security, monitoring, and other services.
Vendor security practices may include:
- Vendor review before onboarding important subprocessors.
- Review of privacy and security documentation.
- Data processing agreements where applicable.
- Confidentiality obligations.
- Access limitation.
- Review of business purpose.
- Review of data categories processed.
- Periodic review where feasible.
- Updating the Subprocessor List for material changes.
Customers should review our Subprocessor List for more details.
28. Third-Party Integrations Security
Galla.app may integrate with customer-selected third-party systems such as ERP, Tally, accounting software, ecommerce platforms, marketplaces, payment gateways, logistics providers, WhatsApp/Meta, SMS providers, email providers, analytics tools, and custom APIs.
Customers are responsible for:
- Authorising third-party integrations.
- Maintaining third-party accounts.
- Securing third-party credentials.
- Reviewing third-party security and privacy terms.
- Removing unused integrations.
- Protecting API keys and tokens.
- Validating data received from third-party systems.
- Ensuring lawful data transfer.
- Monitoring third-party access.
- Handling third-party provider incidents.
Treewalker Digital Private Limited is not responsible for security failures, outages, API changes, policy changes, or data processing practices of customer-selected third-party services.
29. WhatsApp Marketing Security
Galla.app may provide WhatsApp Marketing and customer communication tools.
Security and responsible-use controls may include:
- Access control for campaign users.
- Contact import controls.
- Campaign activity logs, where available.
- Message status tracking.
- Provider integration controls.
- Opt-out management support, where configured.
- Template and campaign workflows.
- Monitoring of abnormal usage where feasible.
Customers using WhatsApp Marketing are responsible for:
- Lawful contact collection.
- Consent management.
- Opt-out handling.
- Message content approval.
- Avoiding spam.
- Avoiding unauthorised contact lists.
- Following WhatsApp/Meta policies.
- Protecting campaign data and contact lists.
- Restricting campaign access to authorised users.
- Securing WhatsApp Business and provider accounts.
30. POS Billing Security
For POS Billing, security controls may include:
- User access management.
- Billing counter user control.
- Role-based permissions.
- Invoice activity tracking, where available.
- Report access control.
- Export access control.
- Integration access controls.
- Support access controls.
- Data backup.
- Configuration controls.
Customers are responsible for:
- Assigning POS users properly.
- Preventing shared cashier logins.
- Securing POS devices.
- Securing local printers and scanners.
- Reviewing invoice activity.
- Configuring GST and tax data correctly.
- Preventing fake billing or unauthorised invoice changes.
- Protecting customer phone numbers and invoice data.
31. Warehouse Management Security
For Warehouse Management, security controls may include:
- Warehouse-level access.
- User-level permissions.
- Scanner or device user mapping, where available.
- Activity logs, where available.
- Stock movement tracking.
- Barcode, QR, or RFID workflow controls.
- Role-based process access.
- Report access controls.
- Integration controls.
- Support investigation logs.
Customers are responsible for:
- Assigning warehouse users properly.
- Securing handheld devices.
- Preventing shared logins.
- Removing former warehouse users.
- Securing scanners and RFID devices.
- Controlling stock adjustment permissions.
- Reviewing stock movement logs.
- Maintaining physical stock controls.
- Training warehouse staff.
- Reconciling system stock with physical stock.
32. Ecommerce Security
For ecommerce development and managed ecommerce services, security may depend on the ecommerce platform, hosting provider, payment gateway, plugins, themes, and integrations used.
Security responsibilities may include:
- Secure admin access.
- Strong passwords.
- Restricted ecommerce admin users.
- Payment gateway security.
- Plugin and theme updates.
- Secure checkout configuration.
- HTTPS configuration.
- Customer data protection.
- Access revocation after project completion.
- Secure handling of product and order data.
Customers are responsible for:
- Ecommerce privacy policy.
- Cookie consent where required.
- Payment gateway compliance.
- Admin user security.
- Product and order data accuracy.
- Marketplace and platform compliance.
- Security of customer-controlled ecommerce accounts
33. Hardware Security
Galla.app may be used with hardware such as POS devices, barcode scanners, QR scanners, RFID readers, RFID antennas, handheld terminals, printers, tablets, and accessories.
Hardware security depends on proper installation, access control, environment, and customer processes.
Customers are responsible for:
- Securing physical devices.
- Preventing unauthorised device use.
- Protecting device login credentials.
- Removing inactive users from devices.
- Keeping devices in safe locations.
- Preventing theft, tampering, or misuse.
- Using supported accessories and power supplies.
- Avoiding unauthorised repair.
- Ensuring proper network security.
- Reporting lost or stolen devices immediately.
- Resetting or wiping devices before disposal or reassignment, where applicable.
- Maintaining device-level security updates where applicable.
Treewalker Digital Private Limited may provide hardware support as per the SLA and Support Policy and Hardware Replacement Policy.
34. Customer Security Responsibilities
Security is a shared responsibility.
Treewalker Digital Private Limited secures the Galla.app platform within its control. Customers must secure their own people, devices, users, accounts, networks, data, integrations, and business processes.
Customers must:
- Use strong passwords.
- Avoid sharing credentials.
- Remove inactive users.
- Restrict admin access.
- Review user permissions.
- Secure devices and local networks.
- Protect API keys.
- Protect third-party credentials.
- Enable MFA where available.
- Train employees.
- Use secure internet connections.
- Keep browsers and devices updated.
- Avoid uploading unnecessary sensitive data.
- Avoid exporting data to insecure locations.
- Report suspicious activity immediately.
- Follow the Acceptable Use Policy.
- Follow the WhatsApp Marketing Policy.
- Maintain lawful consent and privacy notices.
- Verify reports and outputs before relying on them.
- Maintain physical and operational controls for POS and warehouse processes.
35. Data Export Security
Galla.app may allow export of reports, invoices, customer lists, inventory data, warehouse records, ecommerce records, WhatsApp campaign data, and other business records.
Customers are responsible for securing exported data.
Customers should:
- Export data only when required.
- Limit export access.
- Store exported files securely.
- Avoid sharing exported data over insecure channels.
- Delete unnecessary exports.
- Avoid sending exports to unauthorised users.
- Protect exported personal data.
- Use encryption for sensitive exports where possible.
- Maintain audit trails for critical exports where possible.
- Comply with data retention and deletion laws.
Treewalker Digital Private Limited is not responsible for misuse of data after it is exported by the customer or authorised users.
36. Data Retention and Deletion Security
Customer Data may be retained for the period necessary to provide services and as required for legal, tax, accounting, audit, security, backup, dispute, and compliance purposes.
Data deletion may be subject to:
- Active subscription status.
- Payment clearance.
- Legal retention requirements.
- Tax and accounting rules.
- Backup cycles.
- Security investigations.
- Ongoing disputes.
- Customer instructions.
- Technical feasibility.
- Data Retention and Deletion Policy.
Customers should review our Data Retention and Deletion Policy for more details.
37. Privacy and Security
Privacy and security are connected but separate.
Security focuses on protecting systems, accounts, infrastructure, and data from unauthorised access, misuse, loss, or compromise.
Privacy focuses on lawful, fair, transparent, and responsible processing of personal data.
Galla.app’s privacy and security practices are described across:
- Privacy Policy.
- Data Processing Addendum.
- Subprocessor List.
- Security Overview.
- Data Retention and Deletion Policy.
- Incident Response Policy.
- Responsible Disclosure Policy.
- Acceptable Use Policy.
- WhatsApp Marketing Policy.
38. Compliance Readiness
Galla.app may maintain or work toward security and compliance practices aligned with recognised frameworks and customer requirements.
These may include:
- ISO 27001-aligned information security practices.
- OWASP-aligned application security practices.
- Secure software development practices.
- VAPT or penetration testing, where conducted.
- CERT-In aligned incident handling practices, where applicable.
- DPDP-ready privacy and data protection practices.
- Vendor and subprocessor review.
- Enterprise security questionnaires.
- Internal access control reviews.
- Security awareness processes.
39. Security Documentation for Enterprise Customers
Eligible enterprise customers may request additional security documentation.
Depending on availability and approval, we may provide:
- Security overview.
- Privacy overview.
- DPA.
- Subprocessor List.
- SLA and Support Policy.
- Data retention summary.
- VAPT summary or certificate, where available.
- Security questionnaire responses.
- Architecture summary, where appropriate.
- Incident response summary.
- Backup and recovery summary.
- Compliance roadmap, where applicable.
- Detailed documents may require NDA and internal approval.
We do not provide unrestricted access to source code, production systems, unrelated customer data, internal credentials, confidential architecture diagrams, or sensitive security information.
40.Security Limitations
No SaaS platform, cloud service, network, application, or internet-based service can be guaranteed to be completely secure.
Treewalker Digital Private Limited uses reasonable safeguards, but cannot guarantee that:
- The platform will always be free from vulnerabilities.
- All attacks can be prevented.
- Third-party providers will never experience incidents.
- Customer-side credentials will never be compromised.
- Customer-side devices will always remain secure.
- Customer users will never misuse access.
- Internet or cloud services will always be available.
- Hardware will never fail.
- Integrations will always remain secure or available.
- Data exported by customers will remain protected outside Galla.app.
Customers must maintain their own security controls and business continuity procedures.
41. Prohibited Security Activities
Customers and users must not:
- Attempt unauthorised access.
- Scan or test Galla.app without written permission.
- Perform penetration testing without approval.
- Perform load testing without approval.
- Attempt to bypass authentication.
- Attempt to access other customers’ data.
- Share API keys publicly.
- Introduce malware.
- Conduct denial-of-service attacks.
- Scrape platform data.
- Reverse engineer Galla.app.
- Abuse APIs.
- Attempt privilege escalation.
- Misuse support access.
- Hide or tamper with audit logs.
- Use Galla.app to attack third-party systems.
Violations may result in suspension, termination, legal action, and reporting to authorities where required.
42. Reporting Security Issues
If you believe you have found a security vulnerability or if you suspect unauthorised access to your account, contact us immediately.
Support Email: support@treewalkerlabs.com
Please include:
- Description of issue.
- Affected account or URL.
- Date and time.
- Screenshots or logs, if available.
- Steps to reproduce, if reporting a vulnerability.
- Business impact.
- Contact details.
Do not publicly disclose suspected vulnerabilities until Treewalker Digital Private Limited has had reasonable time to investigate and remediate.
43. Customer Security Checklist
Galla.app customers should follow this checklist:
- Use unique accounts for every user.
- Do not share login credentials.
- Use strong passwords.
- Enable MFA where available.
- Review admin users monthly.
- Remove inactive users immediately.
- Restrict export permissions.
- Protect API keys.
- Remove unused integrations.
- Use secure networks.
- Keep devices updated.
- Secure POS and warehouse devices.
- Train staff on phishing and data protection.
- Review WhatsApp campaign permissions.
- Keep contact lists lawful and updated.
- Secure customer data exports.
- Report suspicious activity immediately.
- Maintain business data backups or exports where required.
- Follow Galla.app policies.
- Keep billing and support contact details updated.
44. Security Contact
For security-related questions, concerns, or vulnerability reports, contact:
Treewalker Digital Private Limited
Product: Galla.app
Registered Office: Vikas Plaza.38/ 1A (4), Kanappana Agrahara, Hosur Rd, Phase II, Electronic City, Bengaluru, Karnataka 560100
Legal Email: legal@treewalkerlabs.com
Support Email: support@treewalkerlabs.com
Phone: +91-6366-740-274
CIN: U72900KA2021PTC153840
GSTIN: 29AAICT9733E1ZX
45. Related Policies
This Security Overview should be read together with:
- Terms of Service.
- Privacy Policy.
- Cookie Policy.
- Data Processing Addendum.
- Subprocessor List.
- Acceptable Use Policy.
- WhatsApp Marketing Policy.
- Refund, Billing, Cancellation, and Hardware Replacement Policy.
- SLA and Support Policy.
- Data Retention and Deletion Policy.
- Responsible Disclosure Policy.
- Incident Response Policy.
