Your Financial Data. Our Obsession.
You are trusting us with your GST filings, your customer invoices, and your company's financial history. We don't take that lightly. Here's exactly how we protect every rupee of data.
Dedicated Database Per Company
Your data is never mixed with other businesses. Ever. Each company gets its own isolated PostgreSQL database on our cloud data platform, completely separate from every other tenant.
Even if another company is on the same plan, your tables, your ledgers, your invoices live in a database that no one else can touch.
256-bit SSL Encryption
All data encrypted in transit via TLS 1.3 and at rest via AES-256 on the database layer. Every API call, every page load, every file transfer is encrypted end to end.
We enforce HTTPS-only cookies and HSTS headers. There is no way to access QwikBills over an unencrypted connection.
Automatic Daily Backups
Your data is backed up every 24 hours with point-in-time recovery. Backups are stored in a separate region from your primary database.
Powered by our cloud data platform's branch-based backup system. We can restore your data to any point in the last 7 days, down to the second.
Razorpay for Payments
We never see, store, or process your payment details. All transactions are handled by Razorpay, India's most trusted payment gateway, PCI DSS Level 1 certified.
Your card numbers, UPI IDs, and bank details never touch our servers. Razorpay handles tokenisation, 3D Secure, and fraud detection.
Granular Access Controls
You decide who sees what. 26 permissions across 9 modules, from "can view invoices" to "can approve GRN". Define roles, assign them to team members, sleep easy.
The salesperson sees only sales. The accountant sees only ledgers. The owner sees everything. No exceptions, no workarounds.
Authentication That Means Business
JWT-based authentication with single-session enforcement. If someone logs in from another device, your previous session is terminated instantly.
Passwords are hashed with bcrypt (12 salt rounds). Email verification via OTP. Password reset tokens are SHA-256 hashed with 1-hour expiry. No plaintext, ever.
Indian Data Protection Compliant
We follow the Digital Personal Data Protection Act (DPDPA) 2023 principles. Your data is processed in India, stored in India, and governed by Indian law.
We collect only what is necessary, retain only what is required, and delete on request. No selling data to third parties. No advertising. No tracking cookies.
Zero Employee Access to Your Data
Our team cannot browse your invoices, ledgers, or financial data. Database access is restricted to automated systems only. No human has a password to your tenant database.
Administrative operations (migrations, monitoring) run against system metadata, never against your business data. Audit logs track every administrative action.
Our Commitment
We will never sell your data. We will never show you ads. We will never share your information with third parties. Your financial data exists for one purpose: to help you run your business.
The QwikBills Team, Octet Logic