Your clients' data deserves fortress-level protection.
You control who sees what. Every action is tracked. And no one — not even us — can access your clients' data without your permission.
Your data. Only yours.
No other firm — no matter what — can ever see your clients, invoices, or documents. Not even us.
Complete Firm Isolation
Every piece of data belongs to one firm only. Isolation is enforced at the database level — even if there were a bug in our code, the database itself would block cross-firm access.
- •Clients, invoices, documents — all scoped to your firm
- •Defense-in-depth: double protection at code + database level
- •No shared data, no cross-firm leaks, ever
Your Passwords Are Safe
Your login password is handled by a dedicated authentication service — our application servers never see it. And your clients' portal passwords? Encrypted so even we can't read them.
- •Login passwords never stored on our servers
- •Client portal passwords encrypted — not even we can see them
- •Brute-force protection and automatic lockout built in
You decide who sees what.
Not everyone needs access to everything. Control it down to individual buttons.
71 Permissions, 16 Categories
Can this person create invoices? View PAN numbers? Delete documents? Approve work? You decide each one individually.
Create Your Own Roles
4 built-in roles plus up to 20 custom ones. Create a role that can manage clients but can't create invoices, or one that can view reports but can't edit anything.
See Only Your Own Clients
Set any user to "assigned" scope — they'll only see clients assigned to them. Your articleship trainee can't browse other partners' clients.
Every action. Tracked.
Know exactly who did what, when, and from where. Complete accountability.
What gets logged:
- Client created, edited, or deleted
- Invoice approved, sent, or cancelled
- User login, password reset, MFA changes
- Role changes, permission updates
- Work assignment status changes
- And much more — every significant action in the system
What you can see:
- Who made the change (name + email)
- Exactly what changed (field-level details)
- When it happened (timestamp)
- From which IP address and device
- Full history — nothing gets erased
Security built into every layer.
From authentication to backups, every component is hardened.
Two-Factor Authentication
Optional TOTP MFA for any user. Or enforce it firm-wide — force every team member to set up 2FA before they can access the app.
Encrypted Credential Vault
Store your clients' portal passwords (GST, IT, MCA) securely encrypted. Reveal on demand — never visible in plain text.
Auto Session Timeout
30 minutes of inactivity and you're logged out. Works across all open tabs. No stale sessions on shared computers.
All Data Encrypted
AES-256 encryption for stored data. TLS for data in transit. Every document, every record, every backup — encrypted.
Daily Backups
Automated daily backups with point-in-time recovery. We can restore your data to any point in the last 30 days.
Data Never Leaves India
Hosted entirely on AWS Mumbai (ap-south-1). Your clients' PAN, Aadhar, GSTIN, and financial data stays within Indian borders. AWS is SOC 2 Type II certified.
DDoS & Rate Limiting
Built-in protection against brute-force login attempts and API abuse. Automatic throttling per user ensures your practice stays accessible even under attack.
TLS 1.3 Everywhere
All connections use TLS 1.3 — the latest encryption standard. No legacy protocols, no downgrade attacks. Every API call, every page load, encrypted.
Secret Rotation
API keys and encryption secrets are managed via AWS Secrets Manager with automatic rotation. No hardcoded credentials anywhere in the system.
Our privacy commitment
We never sell your data. Period.
Our AI assistant never sends sensitive data (PAN, Aadhar, GSTIN) to the AI model. Data queries are processed locally within AWS Mumbai.
We only access your data when you explicitly ask for support — and only the minimum needed.
Want to leave? Export all your data anytime. Delete your account and everything is gone within 90 days.
Compliant with DPDPA 2023 and IT Act 2000.