Your clients’ data, protected like a ledger
A CA holds some of the most sensitive financial data in the country. MilaanGST is built so that trust is structural — not a promise. Here is exactly how your data is handled.
Multi-tenant isolation
Every firm’s data is separated at the query layer — enforced in a Prisma client extension that filters every firm-scoped read/write by the trusted firm id from the session, never from client input. One firm can never see another’s clients.
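A sketch of the query-layer scoping described above, as an added example that is not MilaanGST's code: the model names (`Client`, `Invoice`), the `firmId` column and the `scopeArgs` helper are assumptions made for illustration.

```javascript
// Added example. Model names, the firmId field and scopeArgs are hypothetical.
const FIRM_SCOPED = new Set(['Client', 'Invoice']);
const WHERE_OPS = new Set(['findMany', 'findFirst', 'count', 'updateMany', 'deleteMany']);

// Return a copy of the query args with the tenant filter forced to the
// firm id taken from the server-side session, never from the request body.
function scopeArgs(model, operation, args, sessionFirmId) {
  if (!FIRM_SCOPED.has(model)) return args;
  if (!sessionFirmId) throw new Error('no firm id in session');
  const scoped = { ...(args || {}) };
  if (operation === 'create') {
    // Spread order matters: the session value overwrites any client-supplied firmId.
    scoped.data = { ...scoped.data, firmId: sessionFirmId };
    return scoped;
  }
  if (WHERE_OPS.has(operation)) {
    // AND keeps the caller's filter, but it can only narrow within the firm.
    scoped.where = { AND: [scoped.where || {}, { firmId: sessionFirmId }] };
    if (operation === 'updateMany' && scoped.data) {
      const { firmId, ...rest } = scoped.data; // rows may not be moved to another firm
      scoped.data = rest;
    }
    return scoped;
  }
  // Fail closed: an operation that has no scoping rule is rejected, not passed through.
  throw new Error(`unscoped operation ${model}.${operation}`);
}

// Wiring sketch for a Prisma client extension (session.firmId is an assumed name):
//   prisma.$extends({ query: { $allModels: {
//     $allOperations({ model, operation, args, query }) {
//       return query(scopeArgs(model, operation, args, session.firmId));
//     } } } })
```

A check worth running against any such layer is a cross-tenant test: authenticate as one firm, submit another firm's id in the request, and confirm the result set is empty.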
Encryption in transit & at rest
All traffic is served over HTTPS (TLS, auto-renewing certificate). Sensitive stored secrets — SMTP passwords, GSP credentials — are encrypted with AES-256-GCM before they touch the database; they are never stored or logged in plaintext.
Authentication & sessions
Passwords are hashed with bcrypt. Sessions are httpOnly, signed JWTs with a per-device session id; a maximum of two active devices per user, and any device can be signed out remotely — revoked immediately on its next request.
Append-only audit trail
Every create, update, delete, period close and approval is recorded with actor, timestamp and before/after snapshots. The trail is reviewer-ready and cannot be silently edited — accountability by design.
Role-based access control
Firm-admin, manager and staff roles with enforced permissions on every API route: staff draft, managers approve, admins control. Client-portal users get a strictly read-only, single-client scope.
Backups & recovery
Automated database backups with rotation, plus a tested restore drill that rebuilds into a scratch database and verifies row counts — so recovery is proven, not assumed. Your data is exportable by you at any time.
Data protection & DPDP alignment
Where your data lives
Data is hosted on infrastructure located in India and processed only to deliver the reconciliation, follow-up and notice features you use. We do not sell data, and we do not use client financial data to train any model.
You stay the data fiduciary
Under India’s Digital Personal Data Protection Act, 2023 (DPDP), your firm is the data fiduciary for your clients; MilaanGST acts as your processor, handling data on your documented instructions.
Your rights & controls
Export any client’s data at any time; request deletion of a firm’s data on account closure; role-based access limits who inside your office sees what. Retention follows statutory record-keeping needs and your instructions.
Subprocessors
We use a small, named set of subprocessors (hosting, email delivery, payments via Razorpay, and — only when you enable it — a GST Suvidha Provider for portal access). Each is engaged under contract for a specific function.
Certifications — where we are, honestly
We believe in stating our security posture plainly rather than implying audits we have not completed.
- LIVE: DPDP-aligned data handling, AES-256-GCM secret encryption, RBAC, and an append-only audit trail — in production today.
- IN PROGRESS: A published Data Processing Agreement (DPA) and sub-processor register for firms that require one before onboarding.
- PLANNED: Independent ISO/IEC 27001 and SOC 2 Type II assessments as the customer base grows — we will link the reports here when complete, and never claim them before.
Found a security issue?
We welcome responsible disclosure. Email us and we will acknowledge quickly and work with you on a fix.
Questions on security or procurement? Talk to us.