Your clients' financial data is among the most sensitive information that exists. We treat it that way. Every design decision in Invytrix Adhara starts with one question: is this secure enough for a CA firm managing 50 clients?
DATA SECURITY
Your financial data is processed exclusively to provide the reconciliation and GST services you have requested. That is the only purpose it serves.
All data stored in Invytrix Adhara — bank statements, invoices, receipts, GST files and reconciliation records — is encrypted using AES-256 encryption. The same standard used by banks and government institutions worldwide.
AES-256-GCM encryptionAll data transmitted between your browser and Invytrix Adhara servers is protected using TLS 1.3 — the latest and most secure transport protocol. Every connection is HTTPS only. No exceptions.
TLS 1.3 — HTTPS onlyYour bank statements, invoices and client records are processed solely to deliver reconciliation results to you. Access is controlled at the database level — tied to your authenticated account.
No data selling. Ever.DATA RESIDENCY
All Invytrix Adhara data is stored and processed in the AWS Mumbai region (ap-south-1) — within Indian jurisdiction. Your data never leaves India.
All data stored in AWS ap-south-1 (Mumbai). Subject to Indian data protection laws. No cross-border data transfer.
Processing, storage and backups all happen within Indian AWS infrastructure. Your clients' financial records never cross Indian borders.
Invytrix Adhara is designed in compliance with India's Digital Personal Data Protection Act 2023. Your data is processed within Indian infrastructure under Indian jurisdiction.
ACCESS CONTROL
Every workspace in Invytrix Adhara is completely isolated. No user can ever access another user's data — by design, not just by policy.
Every database query in Invytrix Adhara is filtered at the row level by your authenticated user ID. Even if a bug existed in our application logic, the database would reject any query that attempts to access another user's data.
PostgreSQL RLS — enforced at DB levelCA firms and their clients operate in completely separate workspaces. A CA's client data is only visible to that CA and the client — never to other CA firms or other businesses on the platform.
Multi-tenant isolation by designInvytrix Adhara uses magic link email authentication and Google OAuth — no passwords to steal, no password reuse risk. Every session is cryptographically signed and expires automatically.
Magic link + Google OAuthCOMPLIANCE ROADMAP
We are transparent about our current compliance status and our roadmap. We will never claim certifications we have not earned.
All data encrypted at rest and in transit.
All data stored and processed within India.
Database-enforced workspace isolation for every user.
Designed in compliance with India's Digital Personal Data Protection Act.
Security audit and certification in progress. Expected completion: 2026.
Information security management certification planned for 2026.
Annual third-party penetration testing planned from 2026.
We take security reports seriously. If you believe you have found a vulnerability in Invytrix Adhara, please report it responsibly to our security team. We will acknowledge your report within 24 hours and keep you updated on our progress.
security@invytrixadhara.comWe acknowledge every security report within 24 hours.
We will not pursue legal action against researchers who report vulnerabilities responsibly.
With your permission, we will acknowledge your contribution in our security hall of fame.
We are happy to answer any security questions before you sign up. Talk to our team.