YarnTally handles the operational data that runs your business. We treat it accordingly.
Every organization's data lives in its own row-level-security-scoped Postgres tenant. Other orgs literally cannot see your data — the database enforces it. Not an application check that could regress.
AES-256 encryption at rest via Supabase infrastructure. TLS 1.3 for all HTTP traffic. HTTPS enforced everywhere with HSTS. No plain-text passwords ever.
Every INSERT/UPDATE/DELETE on critical tables writes to an append-only audit log. Records who, when, from where, and what changed. Available to admins via /activity.
3 base roles (admin / manager / operator) enforced client + server + database. Enterprise adds per-user feature grants — control who sees Trade, Payroll, or Reports individually.
Postgres data lives in Supabase's Mumbai (ap-south-1) region. Vercel edge functions run close to your users. No data leaves Indian jurisdiction.
Data-fiduciary duties handled: right to correction, right to erasure (data export + delete), lawful-basis tracking, minor-safeguards. Data-processing agreement available for enterprise.
We treat security researchers with respect. If you find a vulnerability, please email security@mnbresearch.comwith details. We'll acknowledge within 24 hours, fix within 7 days for critical issues, and credit you publicly if you want.
No formal bug bounty program yet, but we send appreciation tokens (swag, or in-app credits) to genuine reports.
Enterprise buyers get a detailed technical whitepaper, DPA, and SOC-2 mapping. Email hello@mnbresearch.com.