Architecture
SalaryFy is built on a local-first architecture. Sensitive financial data is computed on your device wherever possible, with encrypted backups for recovery.
Encryption
At rest: AES-256 for all stored data.
In transit: TLS 1.3, HSTS, certificate pinning for mobile.
Passwords: Argon2 hashed, never stored in plaintext.
Access control
Principle of least privilege for all internal systems. Production access requires SSO + hardware 2FA. All access is logged and reviewed monthly.
Monitoring
We run 24×7 automated monitoring for intrusions, anomalies, and data exfiltration attempts. Incidents trigger automated alerts to our on-call engineers.
Third-party assessments
We undergo annual penetration testing by an independent CERT-In empanelled firm. Executive summary available on request under NDA.
Incident disclosure
In the unlikely event of a security incident affecting user data, we commit to a transparent disclosure within 72 hours, per DPDP Act requirements.
Bug bounty
We maintain a responsible-disclosure program. Email security@salaryfy.in with your findings; verified reports are eligible for rewards.