SalaryFy
Back home
Resources · Security

Security at SalaryFy.

Last updated · December 2025

01

Architecture

SalaryFy is built on a local-first architecture. Sensitive financial data is computed on your device wherever possible, with encrypted backups for recovery.

02

Encryption

At rest: AES-256 for all stored data.

In transit: TLS 1.3, HSTS, certificate pinning for mobile.

Passwords: Argon2 hashed, never stored in plaintext.

03

Access control

Principle of least privilege for all internal systems. Production access requires SSO + hardware 2FA. All access is logged and reviewed monthly.

04

Monitoring

We run 24×7 automated monitoring for intrusions, anomalies, and data exfiltration attempts. Incidents trigger automated alerts to our on-call engineers.

05

Third-party assessments

We undergo annual penetration testing by an independent CERT-In empanelled firm. Executive summary available on request under NDA.

06

Incident disclosure

In the unlikely event of a security incident affecting user data, we commit to a transparent disclosure within 72 hours, per DPDP Act requirements.

07

Bug bounty

We maintain a responsible-disclosure program. Email security@salaryfy.in with your findings; verified reports are eligible for rewards.

Questions?

Write to us.

We respond to all policy queries within 3 working days.

legal@salaryfy.in