# Data Protection, Encryption, and Access Control

NeevCloud enforces AES-256 encryption for data at rest and TLS 1.2 minimum (TLS 1.3 where supported) for data in transit. Centralised key management with automated rotation is in place across all storage. Multi-factor authentication is enforced for all privileged and external access. All accounts operate on a least-privilege model with periodic access reviews.

Customer workloads are logically isolated at the network level with no cross-customer data access possible. Segregation is validated during every VAPT cycle. NeevCloud's controls are aligned with ISO/IEC 27017 for cloud-specific security and ISO/IEC 27018 for PII protection in public cloud, as recognised under CERT-In's compliance expectations.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.neevcloud.com/neevcloud-guide/neevcloud-cert-in-compliance/data-protection-encryption-and-access-control.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.