Data Isolation
Each tenant gets a dedicated PostgreSQL database rather than a shared schema partitioned by tenant ID, so one customer's queries cannot reach another customer's rows. Database credentials are encrypted with KMS-managed keys using envelope encryption: each credential is encrypted under its own data key, and only the KMS-wrapped data key is stored alongside it, so the master key never leaves KMS.
Encryption
All data in transit is protected with TLS 1.2 or higher. All data at rest is encrypted with disk-level (volume) encryption, which protects against lost or reused storage media but not against a compromised application or database account. Sensitive fields such as tokens therefore get additional column-level encryption; passwords are stored as Argon2id hashes (see Authentication), not as encrypted values.
Authentication
Passwords are hashed with Argon2id. Multi-factor authentication uses one-time passcodes delivered over WhatsApp (a possession factor, though not a phishing-resistant one). JWT access tokens expire after 15 minutes and are paired with rotating refresh tokens: each refresh retires the token that was presented and issues a new one. Sessions are tracked per device and can be revoked; because access tokens are stateless, a revocation takes effect at the next refresh (at most 15 minutes) unless the API also checks session state on each request.
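The access/refresh token scheme described above, as an added example rather than QuickManager's own code. It mints HS256 JWTs with a 15-minute expiry, verifies them with a pinned algorithm and constant-time comparison, and implements refresh-token rotation with reuse detection: presenting an already-rotated refresh token revokes the whole session, since either the user or an attacker now holds a copy. The signing key, the 30-day refresh lifetime and the in-memory session store are assumptions for illustration.

```python
"""Added example (not QuickManager's code): 15-minute HS256 JWTs plus refresh-token
rotation with reuse detection. SECRET, REFRESH_TTL and the in-memory store are assumptions."""
import base64
import hashlib
import hmac
import json
import secrets
import time

SECRET = b"example-hs256-key-not-for-production"  # assumption; use a KMS-backed key in practice
ACCESS_TTL = 15 * 60            # 15-minute access tokens, as stated on the page
REFRESH_TTL = 30 * 24 * 3600    # refresh lifetime is an assumption


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_access_token(sub: str, session_id: str, now=None) -> str:
    """HS256 JWT carrying subject, session id, iat and exp. The short exp is what bounds
    how long a stolen access token stays useful."""
    now = int(time.time() if now is None else now)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64(json.dumps({"sub": sub, "sid": session_id, "iat": now, "exp": now + ACCESS_TTL},
                              separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"


def verify_access_token(token: str, now=None):
    """Return the claims if the algorithm is HS256, the signature matches and exp is in the
    future; otherwise None. Never trust the 'alg' header to pick the algorithm."""
    now = time.time() if now is None else now
    try:
        h, p, s = token.split(".")
        if json.loads(_unb64(h)).get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(s)):
            return None
        claims = json.loads(_unb64(p))
    except ValueError:          # bad base64, bad JSON, wrong number of segments
        return None
    return None if claims.get("exp", 0) <= now else claims


class SessionStore:
    """In-memory stand-in for a server-side session table (assumption). One session per
    device login, one live refresh token per session; only token hashes are stored."""

    def __init__(self):
        self.sessions = {}   # sid -> session record
        self.seen = {}       # sha256(refresh token) -> sid, for every refresh token ever issued

    @staticmethod
    def _h(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, sub: str, device: str, now=None):
        now = time.time() if now is None else now
        sid, refresh = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self.sessions[sid] = {"sub": sub, "device": device, "refresh_hash": self._h(refresh),
                              "revoked": False, "exp": now + REFRESH_TTL}
        self.seen[self._h(refresh)] = sid
        return sid, mint_access_token(sub, sid, now), refresh

    def refresh(self, refresh_token: str, now=None):
        """Rotate the refresh token. A token that was valid once but has since been rotated is
        treated as theft: the session is revoked so neither party can continue."""
        now = time.time() if now is None else now
        h = self._h(refresh_token)
        sid = self.seen.get(h)
        if sid is None:
            return None
        sess = self.sessions[sid]
        if sess["revoked"] or sess["exp"] <= now:
            return None
        if sess["refresh_hash"] != h:
            sess["revoked"] = True          # reuse of a retired token detected
            return None
        new_refresh = secrets.token_urlsafe(32)
        sess["refresh_hash"] = self._h(new_refresh)
        self.seen[self._h(new_refresh)] = sid
        return mint_access_token(sess["sub"], sid, now), new_refresh

    def revoke(self, sid: str) -> None:
        if sid in self.sessions:
            self.sessions[sid]["revoked"] = True

    def is_live(self, claims: dict) -> bool:
        """Access tokens are stateless, so device revocation only bites before expiry if the
        API also consults the session record named by the 'sid' claim."""
        sess = self.sessions.get(claims.get("sid"))
        return bool(sess) and not sess["revoked"]
```

The `is_live` check is the trade-off the Authentication text alludes to: skipping it keeps the API stateless but means a revoked device keeps working for up to 15 minutes; performing it costs a lookup per request but makes revocation immediate.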
Access Controls
Granular role-based access control decides which actions a role may perform. Scope-based restrictions then limit each user to specific companies, GSTINs and godowns (warehouses), so a permitted action still fails on records outside the user's scope, and field-level permissions hide or protect individual columns within records the user may see. All sensitive operations are logged in an immutable, append-only audit trail.
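An added example (not QuickManager's code) of the three checks described above, role, scope and field-level, applied in that order, with every allow or deny decision appended to a hash-chained audit log whose verification fails if any earlier entry is edited or removed. The role table, hidden-field table, record shape and the GSTIN value are constructed assumptions.

```python
"""Added example (not QuickManager's code): role + scope + field-level authorisation with a
hash-chained, append-only audit trail. Roles, hidden fields and record shapes are assumptions."""
import hashlib
import json

# Assumed policy: what each role may do, and which columns a role must not see.
ROLE_ACTIONS = {
    "owner": {"invoice.read", "invoice.create", "invoice.void"},
    "accountant": {"invoice.read", "invoice.create"},
    "godown_clerk": {"invoice.read"},
}
HIDDEN_FIELDS = {"godown_clerk": {"margin", "cost_price"}}

GENESIS = "0" * 64


def _canon(event: dict) -> str:
    # Deterministic serialisation so the same event always hashes the same way.
    return json.dumps(event, sort_keys=True, separators=(",", ":"))


class AuditLog:
    """Each entry commits to the previous entry's hash, so editing or deleting any row
    breaks every hash after it and verify() reports the chain as broken."""

    def __init__(self):
        self.entries = []

    def append(self, event: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        h = hashlib.sha256((prev + _canon(event)).encode()).hexdigest()
        self.entries.append({"prev": prev, "event": event, "hash": h})
        return h

    def verify(self) -> bool:
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev:
                return False
            if hashlib.sha256((prev + _canon(e["event"])).encode()).hexdigest() != e["hash"]:
                return False
            prev = e["hash"]
        return True


def authorize(user: dict, action: str, record: dict, audit: AuditLog):
    """Return the record filtered to the fields the user may see, or None if denied.
    Role check first, then scope (company, GSTIN, godown); both outcomes are audited."""
    role_ok = action in ROLE_ACTIONS.get(user["role"], set())
    scope = user["scope"]
    scope_ok = (record["company"] in scope["companies"]
                and record["gstin"] in scope["gstins"]
                and record["godown"] in scope["godowns"])
    allowed = role_ok and scope_ok
    audit.append({"user": user["id"], "action": action, "record": record["id"],
                  "allowed": allowed,
                  "reason": "ok" if allowed else ("scope" if role_ok else "role")})
    if not allowed:
        return None
    hidden = HIDDEN_FIELDS.get(user["role"], set())
    return {k: v for k, v in record.items() if k not in hidden}
```

A hash chain stored in the same database as the data it protects only detects tampering by someone who cannot also rewrite the whole chain; to make it meaningful against a database administrator, periodically copy the latest hash somewhere that account cannot write, such as a write-once log bucket or a signed statement.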
Infrastructure
Hosted in Indian data centres (AWS ap-south-1, Mumbai). Network segmentation, a web application firewall (WAF) and DDoS protection. Regular security patching. Security reviews of third-party vendors.
Backups & Disaster Recovery
Nightly backups retained for 30 days; weekly archives retained for 12 months. Recovery time objective (RTO) of 4 hours and recovery point objective (RPO) of 1 hour, meaning a worst-case restore loses at most one hour of committed data. Quarterly disaster-recovery drills.
Compliance
Compliant with the Digital Personal Data Protection Act, 2023 (DPDPA). Reasonable security practices under the Information Technology Act, 2000. Audit trail requirements under the Companies Act, 2013 (Rule 11(g) of the Companies (Audit and Auditors) Rules, 2014). SOC 2 Type II audit in progress.
Vulnerability Management
Dependency scanning in CI. Quarterly external penetration testing. Bug bounty program (coming soon). Security patches within 48 hours for critical issues.
Incident Response
Documented incident response procedures. 24×7 on-call rotation. Status page (status.quickmanager.in). Customer notifications for material incidents.
Report a Security Issue
If you believe you've found a security vulnerability, please email [email protected]. We typically respond within 24 hours.
