At Saral Apps Pvt. Ltd., we hold a firm conviction that our clients' proprietary information and intellectual property are not merely data points — they are the very foundations upon which competitive advantages are built and sustained.
As an IT service provider headquartered in Nepal and serving both domestic and international partners, we have structured our operations around a culture of integrity, discretion, and technical accountability. This policy formalises those commitments.
Scope of Confidentiality
What we consider protected information
This policy applies to all forms of "Confidential Information" shared with Saral Apps in the course of any professional engagement — whether at the stage of initial discussions, active development, or post-delivery support. Confidential Information encompasses the following categories:
Technical Assets
Source code, proprietary algorithms, database architecture, system design documentation, and API specifications.
Design & User Experience
Wireframes, interactive prototypes, user flow diagrams, and distinctive interface elements that define your product's identity.
Business Intelligence
Strategic product roadmaps, client databases, financial projections, and any commercially sensitive communications shared during the engagement.
Technical Security & Data Integrity
The infrastructure that protects your assets
Stating a commitment to security means little without the infrastructure to back it. The following measures are actively enforced across all client engagements at Saral Apps — not aspirational targets, but operational standards.
Encryption Standards
All sensitive data at rest is encrypted using AES-256. For data in transit, we enforce TLS 1.2 and TLS 1.3, so that information cannot be read if it is intercepted between parties.
Access Control — Principle of Least Privilege
Access to any project repository or related asset is limited exclusively to the engineers directly assigned to that engagement. No blanket access is granted within our teams.
Secure Development — OWASP Standards
Our engineering team follows OWASP (Open Web Application Security Project) guidelines throughout the development lifecycle, identifying and mitigating vulnerabilities before they can pose any risk to client assets.
Isolated Environments
Development, Staging, and Production environments are maintained separately and independently, preventing cross-contamination and ensuring client data is never exposed during internal testing or builds.
Operational Integrity & Personnel
The human side of security
Technical safeguards alone are insufficient without equally rigorous standards governing the people who handle client information. We treat the human element of security with the same seriousness as our technical infrastructure.
Lifelong Non-Disclosure Agreements
Every individual — whether a full-time employee or an independent contractor — undergoes a thorough vetting process before joining Saral Apps and is bound by a comprehensive, lifelong NDA upon onboarding, with no exceptions.
Confidentiality Culture & Ongoing Training
Our internal workflows are deliberately designed to minimise the risk of unauthorised disclosure. Regular security audits and ongoing staff training ensure our team remains alert and accountable across every project.
Legal Compliance & Jurisdiction
Accountability across borders
Saral Apps operates with full legal accountability, both within Nepal and in the context of our international partnerships. Compliance is a core requirement that shapes how we structure every client engagement.
Domestic Legal Compliance
We operate in strict accordance with the Electronic Transactions Act, 2063 and the Individual Privacy Act, 2075 of Nepal, which govern the handling of electronic information and personal data within the country.
GDPR Alignment (International Clients)
For our international clients — particularly those based in the European Union — we align our data handling processes with the principles of the General Data Protection Regulation (GDPR), honouring the data rights of clients and their users regardless of geography.
Custom Mutual NDAs Available
This policy is our baseline. For clients requiring greater specificity — defined international jurisdictions, governing law clauses, or tailored confidentiality terms — we are fully prepared to execute Custom Mutual Non-Disclosure Agreements (MNDAs) on request.
Data Ownership & Offboarding
A clean and verified handover every time
The intellectual property produced through any engagement with Saral Apps belongs to the client — without ambiguity. Upon successful project completion and fulfilment of contractual obligations, full ownership of all deliverables, source code, and associated assets is formally transferred.
Following handover, any local copies of client data or project assets retained on Saral Apps systems during the development phase are subject to certified data destruction. We provide documented confirmation of this process upon request, ensuring a clean, verifiable, and secure offboarding for every client we work with.
