Security & Privacy

Your client data stays protected.

When your team handles sensitive US client financials, payroll data, and tax documents, security is non-negotiable. Here's exactly how we protect your data.

DPDP 2023

India's Digital Personal Data Protection Act

SOC 2

System and Organization Controls Type II

GDPR

EU General Data Protection Regulation aligned

24h

Chat data retention

0s

File retention after analysis

0%

Data used for AI training

100%

Company data isolated

🗑️ Data Retention

Chat history deleted every 24 hours

All conversation data is automatically purged at the end of each working day. Nothing lingers on our servers. Your team's queries about client financials, tax data, or payroll are never retained beyond one day.

📁 File Privacy

Files deleted immediately after analysis

When your team uploads an Excel sheet, bank statement, or PDF, the file is analyzed and deleted from our servers immediately. We never store uploaded documents beyond the analysis request.

🔒 AI Privacy

Zero AI training on your data

Your queries, file content, and conversation history are never used to train any AI model. What your team types stays private. We use enterprise API agreements with AI providers that prohibit training on customer data.

🏢 Isolation

Complete company-level data isolation

Every company on StackBharat is fully isolated. Your team's conversations, topics, members, and usage data are never accessible to any other company. Row-level security is enforced at the database layer.

🛡️ Compliance

SOC 2 compliant infrastructure

We run on enterprise-grade cloud infrastructure with SOC 2 Type II compliance. This means rigorous controls around availability, security, and confidentiality — the same standard used by enterprise software companies.

⚖️ Legal

DPDP 2023 aligned

StackBharat is designed in alignment with India's Digital Personal Data Protection Act 2023. We process only the data necessary for providing the service, and we do not sell or share personal data with third parties.

🔑 Auth

Google OAuth — no passwords stored

Your team signs in with Google. We never store passwords. Authentication tokens are managed by Supabase Auth with industry-standard security practices. Session tokens expire and are rotated automatically.

📋 Audit

Admin audit logs

Every admin action is logged — member additions, topic changes, plan changes. Admins can view full conversation transcripts for compliance. You always know what's happening in your workspace.

🤝

Have specific security requirements?

For enterprise clients with specific compliance, audit, or data residency requirements, we can work with you on custom agreements, SOC 2 reports, and DPA documentation.

Contact our security team →