Trust

Security policy

This page is maintained by SaathiX Technologies to answer common security questions about SaathiX ERP. It describes the controls we operate today, not a certification.

Last updated 14 January 2026 8 sections security@saathix.com
1

1. Our security principles

  • Least privilege by default: no one at SaathiX reads customer data unless a support ticket authorises it.
  • Encrypt everything at rest and in transit.
  • Log everything so we can audit later.
  • Fail closed, alert loudly.
2

2. Encryption

  • Data at rest: AES-256 on database and object storage.
  • Data in transit: TLS 1.2 and 1.3 with modern cipher suites.
  • Backups: encrypted with a separate key managed in a hardware security module.
3

3. Hosting and residency

All customer data is hosted in India on an enterprise cloud with ISO 27001 and SOC 2 certified data centres. We do not replicate data outside India.

4

4. Access controls

  • Role based access inside your account: Owner, Manager, Cashier, Accountant.
  • PIN and biometric unlock for cashiers on shared devices.
  • Optional IP allowlist for the Owner role.
  • Employee access at SaathiX requires MFA and is logged.
5

5. Backups and recovery

Automated backups run every 24 hours with a 30 day point in time restore. Restores are tested quarterly. Business continuity target: RPO 24 hours, RTO 4 hours.

6

6. Monitoring and incident response

  • 24x7 platform monitoring with automated alerts.
  • Security incidents are triaged within 1 hour.
  • Affected owners are notified within 72 hours as required by the DPDP Act.
7

7. Vulnerability reporting

Found something concerning? Please email security@saathix.com with steps to reproduce. We acknowledge within 24 hours and coordinate a fix. Please do not publicly disclose before we confirm the fix has shipped.

8

8. Shared responsibility

SaathiX secures the platform. You secure your account: use strong passwords, rotate PINs when staff leave, and review the audit log inside Settings monthly.

Questions on this policy?

Reach the SaathiX legal and privacy desk at security@saathix.com. We respond within 2 working days.