Enterprise security

Your data. Locked down.

YarnTally handles the operational data that runs your business. We treat it accordingly.

Multi-tenant isolation

Every organization's data lives in its own row-level-security-scoped Postgres tenant. Other orgs literally cannot see your data — the database enforces it. Not an application check that could regress.

Encryption at rest + in transit

AES-256 encryption at rest via Supabase infrastructure. TLS 1.3 for all HTTP traffic. HTTPS enforced everywhere with HSTS. No plain-text passwords ever.

Immutable audit trail

Every INSERT/UPDATE/DELETE on critical tables writes to an append-only audit log. Records who, when, from where, and what changed. Available to admins via /activity.

Role-based + per-user access

3 base roles (admin / manager / operator) enforced client + server + database. Enterprise adds per-user feature grants — control who sees Trade, Payroll, or Reports individually.

India-hosted infrastructure

Postgres data lives in Supabase's Mumbai (ap-south-1) region. Vercel edge functions run close to your users. No data leaves Indian jurisdiction.

DPDP Act ready

Data-fiduciary duties handled: right to correction, right to erasure (data export + delete), lawful-basis tracking, minor-safeguards. Data-processing agreement available for enterprise.

Compliance

Certifications & regulatory posture

DPDP ActCompliant
Digital Personal Data Protection Act, 2023
GDPRData-portable
Full CSV export of every table for right-to-portability
SOC 2 Type IIUnderlying infra (Supabase, Vercel)
Our providers are SOC 2 certified. Direct YarnTally certification is on Q1 2027 roadmap.
ISO 27001Underlying infra
Supabase + Vercel infrastructure holds ISO 27001. Direct cert on 2027 roadmap.
Responsible disclosure

Found a vulnerability?

We treat security researchers with respect. If you find a vulnerability, please email security@mnbresearch.comwith details. We'll acknowledge within 24 hours, fix within 7 days for critical issues, and credit you publicly if you want.

No formal bug bounty program yet, but we send appreciation tokens (swag, or in-app credits) to genuine reports.

Need our full security whitepaper?

Enterprise buyers get a detailed technical whitepaper, DPA, and SOC-2 mapping. Email hello@mnbresearch.com.