Skip to main content
Security

Your Financial Data.
Fortified.

corpus handles your accounting records, GST filings, payroll, and bank data. We treat that responsibility seriously — with enterprise-grade security built into every layer of the platform.

AES-256

Encryption at rest

TLS 1.3

Encryption in transit

RLS

Per-row tenant isolation

< 1 hr RPO

Backup recovery point

Encryption

At Rest — AES-256

All data persisted to disk — invoices, ledgers, payroll records, GST filings, bank statements — is encrypted using AES-256-GCM via Supabase's managed PostgreSQL infrastructure. Encryption keys are managed by the infrastructure provider and rotated automatically.

In Transit — TLS 1.3

Every connection between your browser (or the corpus desktop app) and our servers is encrypted with TLS 1.3. Older protocol versions (TLS 1.0, 1.1) are rejected. HTTP traffic is automatically redirected to HTTPS with HSTS headers enforced.

Key rotation: Supabase infrastructure keys are rotated on a regular schedule. Customer-specific encryption for backups uses separate keys that are never co-located with the data they protect.

Tenant Isolation & Row Level Security

corpus uses a single shared database with strict PostgreSQL Row Level Security (RLS) policies. Every table that holds financial data has a company_id column. RLS policies enforce that every query — no matter which user or API key initiates it — can only see and modify rows belonging to their own organization.

Database-enforced, not application-enforced

Isolation is enforced at the PostgreSQL engine level. Even if application code contains a bug, the database rejects unauthorized row access before returning any data.

Verified at every query

RLS policies execute on every SELECT, INSERT, UPDATE, and DELETE. There is no query path that bypasses them — including direct SQL access.

Zero cross-tenant data leakage

Your invoices, ledgers, and payroll data are invisible to other corpus customers. The database does not contain any shared lookup tables that could expose organization names or identifiers.

Multi-company users

CAs managing multiple clients get separate authorization tokens per company. Switching companies re-validates the session against RLS — it is not a client-side permission switch.

Access Controls & Role Permissions

corpus implements role-based access control (RBAC) with four built-in roles. Admins can create custom roles with granular module-level permissions.

RoleReadWriteDeleteAdmin SettingsBilling
Owner
Admin
Accountant
Viewer

Session Management

15-minute access tokens, 30-day refresh tokens with automatic rotation. Each session is associated with a registered device. Global sign-out terminates all active sessions immediately.

Device Registry

Every login registers the browser fingerprint, IP address, and approximate location. Users can see all active sessions and revoke individual devices from Settings → Security.

Impossible Travel Detection

Logins from two geographically distant locations within one hour trigger a security alert and optional session freeze.

Brute-Force Protection

Failed login attempts are rate-limited and locked after repeated failures. Supabase Auth enforces exponential back-off on authentication endpoints.

Audit Logging

Every action that modifies financial data — voucher creation, invoice deletion, user permission changes, GST filing initiations — is written to an immutable audit log. The log is append-only: rows can never be updated or deleted by application code, and it is governed by strict RLS policies that permit only inserts.

Each audit entry records:

  • ·Who performed the action (user ID, name, email)
  • ·What changed (table, row ID, before/after values)
  • ·When it happened (UTC timestamp, immutable)
  • ·Where from (IP address, device fingerprint, approximate location)
  • ·Result (success, failure, permission denied)

Security event log

Authentication events (login, logout, MFA failures), device registrations, session revocations, and suspicious activity flags are tracked in a separate security_events table with a 90-day hot retention and 7-year cold archive.

In-app access

Admins can view the full audit log from Settings → Audit Log, with filters by user, date range, and action type. The log can be exported to CSV for external review or compliance purposes.

Backup Policy & Disaster Recovery

≤ 1 hour

Recovery Point Objective (RPO)

Maximum data loss in the event of a catastrophic failure. Point-in-time recovery gives us 1-minute granularity on the last 30 days.

≤ 4 hours

Recovery Time Objective (RTO)

Maximum downtime from a major incident to full service restoration, including data restoration and verification.

Daily automated backups

Full database snapshots are created every 24 hours and stored in geographically redundant object storage. Backups are encrypted at rest with separate keys from the primary data store.

Point-in-time recovery (PITR)

WAL (Write-Ahead Log) streaming enables recovery to any point within the last 30 days with 1-minute granularity. This means even a ransomware attack or mass accidental deletion is recoverable.

30-day hot retention

The last 30 days of daily backups are retained in warm storage for rapid restoration. Older backups move to cold storage for the duration required by Indian accounting law (7 years).

Restoration procedure

A restore request from an admin triggers our incident response workflow. We restore to a staging environment first to verify data integrity, then promote to production. Users are notified of restoration status via email and in-app.

Cross-region redundancy

Production data is replicated asynchronously to a secondary region. In the event of a primary data center outage, traffic can be failed over with minimal interruption.

Your Data. Your Property.

We believe your financial records belong to you — not to us. This is not a policy buried in legal text; it is a structural commitment backed by technical controls.

You own your data

All invoices, ledgers, payroll records, bank statements, and GST filings you create or import are your property. We are a custodian, not an owner.

We never sell your data

Your financial data is never sold, licensed, or shared with third parties for advertising, profiling, or commercial purposes. Period.

Export at any time

You can export your complete data — invoices, ledgers, reports — in CSV, Excel, or JSON formats from any screen, at any time, without needing to contact support.

Request deletion

Email hello@corpuserp.com to request full account and data deletion. We will confirm within 7 days and complete deletion within 30 days, subject to legal retention obligations under Indian law.

Retained after cancellation

Cancelling your subscription does not delete your data immediately. You retain read-only access for 30 days to export everything you need.

No AI training on your data

We use AI to power features for you. Your financial data is never used to train general-purpose models or shared with AI providers for anything beyond processing your own requests.

Service Status

Real-time uptime and incident history for all corpus services — API, authentication, sync, AI features, and compliance integrations.

View status →

Security questions?

Our security team responds within 2 business days. For vulnerability disclosures, email us directly.