Trust

Security, compliance, data residency.

One page, no marketing fluff. What we encrypt, what we audit, where your data lives, which sub-processors see it. Built for both India and the United States from day one — not retrofitted as an "international add-on."

Secure infrastructure for financial documents

Security

Defense in depth across the platform.

  • AES-256 encryption at rest for every Postgres column carrying PII (PAN, Aadhaar, SSN, bank account, TIN).
  • TLS 1.3 in transit. HSTS preloaded. No mixed content anywhere on nijam.co.
  • RBAC with six tiers (SYSTEM_ADMIN / OWNER / ADMIN / MANAGER / MEMBER / VIEWER) + per-module ACL overrides. CA and CPA practitioner roles add jurisdiction-bound surfaces.
  • Single sign-on via WorkOS (SAML 2.0 + Okta + Azure AD + Google Workspace). SCIM directory sync on Enterprise.
  • Webhook signatures verified with HMAC-SHA256 + timingSafeEqual (no compare-leak). Replay tolerance: 5 minutes.
  • Ghost Mode (admin impersonation) is read-only — writes blocked at the request layer with `requireNoGhostWrites`. Every impersonation session logged with actor + target + IP.

On-chain proof

Document hashes anchored to Solana — proof survives provider shutdown.

  • Every signed agreement, approved timesheet, and finalized invoice computes a SHA-256 hash and anchors it on Solana mainnet via the unified verify pipeline.
  • PAdES B-LT signed PDFs embed the timestamp + certificate chain so signatures remain valid without our infrastructure.
  • Public verify URL — third parties verify the signature without a Nijam login.
  • Circuit breaker + retry queue handle transient RPC failures — documents remain anchored and verifiable even during network instability.
  • If Nijam shuts down tomorrow, every signed document remains verifiable on the public ledger. This isn't marketing — it's structural.

Compliance

Both jurisdictions, both regulatory regimes, one platform.

  • India: Information Technology Act 2000 §3A (Aadhaar OTP eSign) + §5 (electronic signatures). Digital Personal Data Protection Act 2023 (DPDPA) data-subject request flow + consent management.
  • United States: E-SIGN Act + Uniform Electronic Transactions Act (UETA). Treasury Circular 230 for CPA engagement letters. IRC §7216 confidentiality for tax-return preparer disclosures.
  • European Union: GDPR data-subject rights (access, rectification, erasure, portability). Standard Contractual Clauses for cross-border transfers.
  • SOC 2 Type II report — available on Enterprise NDA. Type I bridge letter on Pro.
  • Annual penetration test by an independent CERT-In empanelled auditor (India) + an external US firm (United States). Last test: completed within 12 months of this page's last update.

Data residency

Two regions, no automatic cross-region replication.

  • India tenants are pinned to ap-south-1 (Mumbai) Postgres + Supabase. US tenants are pinned to us-east-1 (N. Virginia).
  • Audit logs replicate to a read-only archive in the same region. No automatic cross-region copies for PII tables.
  • Solana anchoring is a public-ledger write — only the SHA-256 hash leaves the region, never the underlying document content.
  • Cross-jurisdiction orgs (rare) can opt into either residency; the second-jurisdiction surface (e.g., a CPA Portal for an India-pinned org) reads from the primary region without replicating PII.

Sub-processors

Every third-party service that touches your data, named.

  • Database + auth + storage: Supabase (us-east-1, ap-south-1).
  • Application hosting: Vercel.
  • Email: SMTP via the configured provider per org plan (default: AWS SES).
  • AI inference: DeepSeek (primary), Anthropic Claude (legal-heavy tasks), Google Gemini (extraction tasks). Routed via /lib/ai/router with the proxy capturing tokens-in/out for billing.
  • Aadhaar eSign: Digio (CCA-licensed ASP).
  • KYC + identity: Persona, Plaid, Lexis Nexis (US KBA); Surepass, Digilocker, Karza (India KYC).
  • Payments: Razorpay (India), Stripe (United States).
  • Background verification: in-house BGV pipeline + external watchlist databases.
  • Observability: Sentry (errors), Vercel Analytics (web vitals).

Incident response

What we do when something goes wrong.

  • Sev-1 acknowledgement: under 15 minutes (Enterprise SLA), under 1 business hour (Pro).
  • Status page at status.nijam.co — updated within 5 minutes of any region-wide degradation.
  • Data breach notification: within 72 hours for personal data per DPDPA + GDPR, per IT Act SPDI Rules for sensitive personal data.
  • Post-incident write-up published within 5 business days of resolution, including root cause + remediation + customer-impact summary.
  • Backup posture: hourly Postgres snapshot, 30-day retention. Restore tested quarterly.

Need the security questionnaire?

We answer CAIQ, SIG, and custom-formatted questionnaires within two business days. Tell us your jurisdiction + the framework you're evidencing.

Talk to us