Security

Last updated June 2026

How SpinalFluid protects your tax data. To report a vulnerability, email security@spinalfluid.ai; we respond to valid reports quickly and credit responsible disclosure.

Encryption of sensitive data

Personal identifiers used for filing (PAN, bank account number, IFSC) are stored with authenticated envelope encryption (AES-256-GCM): a tampered ciphertext is rejected, and the values are never returned to the browser in full. Traffic is served over TLS.

Isolation

Every record is scoped to its owner. That scoping is applied at the query level and, as defence in depth, enforced by Postgres row-level security. The filing engine never trusts a client-supplied identity; web-to-engine traffic is signed with a service token.

Authorisation before filing

Filing a return is an irreversible action, so it runs only behind an explicit, fail-closed authorisation gate after you approve the computed return. Nothing is submitted to the tax department without that approval.
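The following is an added illustration of a fail-closed approval gate of the kind described above, not SpinalFluid's own code. It assumes a computed return is a plain dict, that an approval is a single-use server-issued nonce bound to a digest of exactly the figures the user approved, and that the "tax department" is a local list; the audit log is an in-memory hash chain standing in for a real append-only store. The default outcome is "denied": the return is submitted only when every check passes, and any error inside the gate also resolves to "denied".

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass


def return_digest(computed_return: dict) -> str:
    """Canonical SHA-256 over the computed return, so an approval is tied
    to exactly the figures the user saw, not to a mutable session object."""
    canonical = json.dumps(computed_return, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


@dataclass
class Approval:
    user_id: str   # who approved
    digest: str    # digest of the return they approved
    nonce: str     # single-use handle, consumed on filing


class AuditLog:
    """Append-only stand-in (constructed for this example): entries are only
    ever appended and each one carries the hash of its predecessor, so a
    removed or edited entry breaks verify_chain()."""

    def __init__(self):
        self._entries = []

    def record(self, actor: str, action: str, decision: str, detail: str = "") -> dict:
        prev = self._entries[-1]["hash"] if self._entries else "0" * 64
        body = {"seq": len(self._entries), "actor": actor, "action": action,
                "decision": decision, "detail": detail, "prev": prev}
        body["hash"] = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self._entries.append(body)
        return body

    def entries(self) -> list:
        return list(self._entries)

    def verify_chain(self) -> bool:
        prev = "0" * 64
        for entry in self._entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            expected = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != expected:
                return False
            prev = entry["hash"]
        return True


class FilingGate:
    """Hypothetical gate: nothing reaches submit() without a matching approval."""

    def __init__(self, audit: AuditLog):
        self._approvals = {}   # nonce -> Approval
        self._audit = audit
        self.submitted = []    # stand-in for the tax department endpoint

    def approve(self, user_id: str, computed_return: dict) -> str:
        """Record the user's explicit approval of this exact computed return."""
        digest = return_digest(computed_return)
        nonce = secrets.token_urlsafe(16)
        self._approvals[nonce] = Approval(user_id, digest, nonce)
        self._audit.record(user_id, "approve_return", "granted", digest)
        return nonce

    def file_return(self, user_id: str, computed_return: dict, nonce: str) -> str:
        decision, reason = "denied", "no approval presented"
        try:
            approval = self._approvals.get(nonce)
            if approval is None:
                reason = "unknown or already-consumed approval"
            elif approval.user_id != user_id:
                reason = "approval belongs to a different user"
            elif not hmac.compare_digest(approval.digest, return_digest(computed_return)):
                reason = "return changed since it was approved"
            else:
                del self._approvals[nonce]          # single use, consumed first
                self.submitted.append(computed_return)
                decision, reason = "filed", "explicit approval matched"
        except Exception as exc:                    # any failure stays closed
            decision, reason = "denied", f"internal error: {type(exc).__name__}"
        finally:                                    # every decision is logged
            self._audit.record(user_id, "file_return", decision, reason)
        return decision
```

Binding the approval to a digest of the return, rather than to the session, is what makes "after you approve the computed return" enforceable: if any figure changes between approval and filing, the digest no longer matches and the gate refuses. Consuming the nonce before submitting means a failed submission requires a fresh approval instead of leaving a reusable token behind.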

Secrets and audit trail

API keys are stored as peppered hashes, never in plaintext; connected-account credentials are held as encrypted references. Security-relevant actions, especially filing, are written to an append-only audit log recording the actor and the decision.
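As an added example of the peppered-hash storage described above (illustrative code, not SpinalFluid's implementation): the pepper is a server-side secret that is never stored beside the hashes, the database row holds only the HMAC of the key, and the plaintext key is shown to the caller exactly once at issuance. The pepper value and the `sf_` prefix are constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed for this example. In a real deployment the pepper is loaded from
# the secret manager or environment at start-up; it must not live in the database.
PEPPER = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f00112233445566778899aabbccddeeff0")


def hash_api_key(api_key: str, pepper: bytes = PEPPER) -> str:
    """HMAC-SHA256 of the key under the pepper. API keys are high-entropy
    random strings, so a fast keyed hash is appropriate here (unlike passwords,
    which would need a slow, salted KDF); a database dump without the pepper
    yields nothing usable."""
    return hmac.new(pepper, api_key.encode(), hashlib.sha256).hexdigest()


def issue_api_key(store: dict, owner: str) -> str:
    """Create a key, persist only its peppered hash, return the plaintext once."""
    key = "sf_" + secrets.token_urlsafe(32)
    store[hash_api_key(key)] = {"owner": owner, "revoked": False}
    return key


def lookup_api_key(store: dict, presented: str):
    """Resolve a presented key to its owner, or None if unknown or revoked."""
    digest = hash_api_key(presented)
    # A plain dict lookup would also be acceptable for high-entropy keys; the
    # loop with compare_digest shows the constant-time comparison explicitly.
    for stored_digest, meta in store.items():
        if hmac.compare_digest(stored_digest, digest) and not meta["revoked"]:
            return meta["owner"]
    return None


def revoke_api_key(store: dict, presented: str) -> bool:
    """Mark a key revoked without ever needing its plaintext stored."""
    digest = hash_api_key(presented)
    if digest in store:
        store[digest]["revoked"] = True
        return True
    return False
```

Because the pepper is part of the hash input, the same key hashed under a different pepper produces an unrelated digest; rotating the pepper therefore requires reissuing keys, which is the operational cost of keeping it out of the database.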