Security at TaxInvestInsure
We handle sensitive financial documents every day. Here is how we keep your data safe.
AES-256 Encryption at Rest
Every document you upload is encrypted using AES-256 (Fernet) before it touches disk. Even if someone gains access to the server's filesystem, they cannot read your files without the encryption key.
Uploaded Documents
Form 16, rent receipts, investment proofs, bank statements — all encrypted on upload.
Personal Identifiers
PAN, Aadhaar, and bank account numbers are stored encrypted in the database, not as plain text.
Query Attachments
Files attached to your CA queries are also encrypted using the same AES-256 standard.
Complete Audit Trail
Every action on your documents is logged with the user, IP address, and timestamp. You can see who accessed what and when.
Document Access Logs
Uploads, downloads, admin views, and status changes are all recorded with IP address and timestamp.
Change History
Every change to your profile, documents, and filings is tracked with full revision history.
Role-Based Access
You can only see your own documents, filings, and queries. Your CA can access your data to provide service, and their access is logged.
Client Isolation
Clients can only view and download their own uploaded documents and filings.
Staff Audit
When a CA views your document in the admin panel, it is logged automatically.
No Direct File URLs
Documents are served through authenticated download endpoints, not exposed via public URLs.
Hosted in India
All data is stored on servers in Mumbai, India. We enforce HTTPS on all connections and apply modern security headers.
HTTPS
All connections encrypted in transit
HSTS
Strict transport security enforced
Mumbai
Data hosted in India (DPDP Act)
Daily
Automated database backups
Questions about our security practices?
We are happy to walk you through how we protect your data.
Contact Us