✨ Less manual work. More clarity. — Claim yours →
Security & Trust

Built to be trusted.
Built for India.

Your clients' financial data is among the most sensitive information that exists. We treat it that way. Every design decision in Invytrix Adhara starts with one question: is this secure enough for a CA firm managing 50 clients?

AES-256 encryptionStored in AWS Mumbai, IndiaGST-native platform
Security Overview
Data EncryptionAES-256
Data ResidencyIndia (AWS Mumbai)
Data in TransitTLS 1.3
Access ControlRow-level security
AuthenticationMagic link + Google OAuth
🔒 SOC2 Type II certification in progress — expected 2026

DATA SECURITY

Your data is yours.
Always.

Your financial data is processed exclusively to provide the reconciliation and GST services you have requested. That is the only purpose it serves.

Encrypted at rest

All data stored in Invytrix Adhara — bank statements, invoices, receipts, GST files and reconciliation records — is encrypted using AES-256 encryption. The same standard used by banks and government institutions worldwide.

AES-256-GCM encryption

Encrypted in transit

All data transmitted between your browser and Invytrix Adhara servers is protected using TLS 1.3 — the latest and most secure transport protocol. Every connection is HTTPS only. No exceptions.

TLS 1.3 — HTTPS only

Your data, your purpose

Your bank statements, invoices and client records are processed solely to deliver reconciliation results to you. Access is controlled at the database level — tied to your authenticated account.

No data selling. Ever.

DATA RESIDENCY

Your data stays in India.

All Invytrix Adhara data is stored and processed in the AWS Mumbai region (ap-south-1) — within Indian jurisdiction. Your data never leaves India.

Infrastructure
DB
Database
Supabase PostgreSQL — AWS Mumbai (ap-south-1)
API
Backend API
Railway — hosted in India region
WEB
Frontend
Vercel — global CDN, data processing in India
GST
GST Data
Masters India GSP API — official GST Suvidha Provider
Indian jurisdiction

All data stored in AWS ap-south-1 (Mumbai). Subject to Indian data protection laws. No cross-border data transfer.

No data leaves India

Processing, storage and backups all happen within Indian AWS infrastructure. Your clients' financial records never cross Indian borders.

DPDP Act compliant

Invytrix Adhara is designed in compliance with India's Digital Personal Data Protection Act 2023. Your data is processed within Indian infrastructure under Indian jurisdiction.

ACCESS CONTROL

Only you can see your data.

Every workspace in Invytrix Adhara is completely isolated. No user can ever access another user's data — by design, not just by policy.

Row-level security

Every database query in Invytrix Adhara is filtered at the row level by your authenticated user ID. Even if a bug existed in our application logic, the database would reject any query that attempts to access another user's data.

PostgreSQL RLS — enforced at DB level

Workspace isolation

CA firms and their clients operate in completely separate workspaces. A CA's client data is only visible to that CA and the client — never to other CA firms or other businesses on the platform.

Multi-tenant isolation by design

Secure authentication

Invytrix Adhara uses magic link email authentication and Google OAuth — no passwords to steal, no password reuse risk. Every session is cryptographically signed and expires automatically.

Magic link + Google OAuth

COMPLIANCE ROADMAP

Where we are.
Where we are going.

We are transparent about our current compliance status and our roadmap. We will never claim certifications we have not earned.

Live
AES-256 encryption + TLS 1.3

All data encrypted at rest and in transit.

Live
AWS Mumbai data residency

All data stored and processed within India.

Live
Row-level security

Database-enforced workspace isolation for every user.

Live
DPDP Act 2023 compliance

Designed in compliance with India's Digital Personal Data Protection Act.

In Progress
SOC2 Type II

Security audit and certification in progress. Expected completion: 2026.

Planned
ISO 27001

Information security management certification planned for 2026.

Planned
VAPT (Vulnerability Assessment)

Annual third-party penetration testing planned from 2026.

Found a security issue?

We take security reports seriously. If you believe you have found a vulnerability in Invytrix Adhara, please report it responsibly to our security team. We will acknowledge your report within 24 hours and keep you updated on our progress.

security@invytrixadhara.com
24-hour acknowledgement

We acknowledge every security report within 24 hours.

No legal action

We will not pursue legal action against researchers who report vulnerabilities responsibly.

Public recognition

With your permission, we will acknowledge your contribution in our security hall of fame.

Questions about security?

We are happy to answer any security questions before you sign up. Talk to our team.