Controls at a glance
Encryption
TLS 1.2+ in transit on every endpoint. AES-256 at rest for the database and backups.
Access control
Role-based permissions, per-workspace isolation, scoped audit log on every privileged action.
Authentication
Argon2 password hashing, mandatory password rotation on suspected compromise, optional SSO + SAML on paid plans.
Backups
Continuous DB replication, daily encrypted snapshots, point-in-time restore for the last 7 days.
Monitoring
Centralised structured logs, anomaly detection on auth attempts, paged on-call rotation 24×7.
Tenant isolation
Every query is workspace-scoped at the ORM layer; row-level checks make cross-workspace reads impossible by construction.
Compliance
- SOC 2 Type II — audit in progress. Targeted completion: Q3 2026.
- GDPR — DPA available on request; EU data residency for enterprise.
- CCPA — supported via the same data-rights flow as GDPR.
- India IT Act / DPDP — compliant; primary residency is ap-south.
Vulnerability disclosure
We take security reports seriously. If you've found something, please email info@aabhyasa.com with:
- A short summary and reproduction steps.
- Affected URL or endpoint.
- Whether you'd like to be credited in our disclosure thank-you list.
We acknowledge reports within one business day, fix critical issues within 7 days, and don't litigate against good-faith researchers.
Incident response
Confirmed security incidents are escalated to our incident commander, communicated to affected customers within 24 hours of confirmation, and followed by a written post-mortem within 7 days.
Need a security review?
Enterprise customers can request our security review pack — penetration test summary, architecture diagram, DPA, sub-processor list. Drop us a note and we'll send it.