Security and data protection
GST data is sensitive business data. We treat it that way with protected access, strict isolation, and auditability.
Protected reconciliation
Workspace and API access require a signed session before files can be reconciled or exported.
Strict tenant isolation
Signed-in workspaces scope every record and query by tenant, so client records stay separated.
Immutable month freeze
Frozen months are retained as read-only snapshots in the workspace.
Full audit trail
Sensitive actions such as upload, match, freeze, and impersonation are logged with user, time, and reason.
No GST portal passwords
We never ask for or store your GST portal credentials. You download GSTR-2B yourself.
Hardened uploads
File size limits, file type checks, row caps, and validation guard the parsing pipeline.
Compliance posture
- HTTPS / TLS in transit
- Role-based access control
- File type and size guards
- Tenant-scoped exports