Security & Data Protection
Your clients' financial data is sacred. Here's how we protect it.
Last updated: March 2026
Your Data Belongs to You
We never sell, share, or use your financial data for any purpose other than providing our service to you. Your clients' information stays confidential and under your control at all times.
How We Protect Your Data
Encryption in Transit
All data transmitted between your browser and our servers is encrypted using HTTPS with TLS 1.3. This means no one can intercept or read your data while it's being transferred.
Secure Authentication
Passwords are never stored in plain text. We use industry-standard bcrypt hashing with salt, making it computationally infeasible to reverse-engineer your password.
Complete Data Isolation
Your firm's data is completely isolated from other users. Each company and financial record is linked exclusively to your account. No other user or firm can ever access your clients' information.
Role-Based Access Control
Only you and your authorized team members can access your data. We implement firm-level permissionsto ensure proper access levels. Team members see only what they're authorized to see.
Session Protection
We enforce single-session login to prevent unauthorized concurrent access. Sessions expire after inactivity, and you can log out from all devices if needed.
Secure Infrastructure
Our application runs on enterprise-grade cloud infrastructure with regular security updates, automated backups, and 24/7 monitoring for suspicious activity.
You're in Control
Your Rights
- ✓Access your data anytime
- ✓Export all your financial data
- ✓Correct inaccurate information
- ✓Delete your account and data
- ✓Transfer data to another service
Data Retention
We retain your data only while your account is active. When you delete your account:
- •Companies go to Recycle Bin (7-day recovery period)
- •Permanent deletion after 7 days
- •No data retained after account deletion
- •Billing records retained as required by law
What We Never Do
Third-Party Services
We use a limited number of trusted third-party services to operate Zage Books. Each service only receives the minimum data necessary to perform its function:
| Service | Purpose | Data Shared |
|---|---|---|
| Razorpay | Payment processing | Email, payment amount (no financial data) |
| Resend | Transactional emails | Email address only |
| Cloud Hosting | Application & database hosting | All data (encrypted) |
All third-party services are bound by confidentiality agreements and comply with applicable data protection regulations.
Frequently Asked Questions
Who can see my clients' financial data?▾
Only you and team members you explicitly authorize within your firm. Our staff cannot access your data without your written permission, and even then, only for technical support purposes.
Is my data backed up?▾
Yes. We perform automated daily backups of all data. Backups are encrypted and stored securely. In case of any system failure, your data can be restored.
What happens if I delete a company by mistake?▾
Deleted companies go to a Recycle Bin where they remain for 7 days. During this period, you can restore them. After 7 days, data is permanently deleted.
Can I export all my data?▾
Yes. You can export your trial balance, financial statements, and other data at any time. We believe your data belongs to you.
What if there's a data breach?▾
In the unlikely event of a security incident, we will notify affected users within 72 hours as required by law, along with details of what happened and steps being taken.
Do you share data with government agencies?▾
Only if legally required by valid court order or government notice. We will notify you unless legally prohibited from doing so.
Have Security Concerns?
We take security seriously. If you have questions or concerns, please reach out.