Your business data deserves enterprise-grade protection.
We treat security like a first-class feature, not an afterthought. Here's exactly how we protect your data.
Five layers of defence
TLS 1.2+ in Transit
Every byte between your browser and our servers is encrypted with modern TLS.
AES-256 at Rest
Database and backup files are encrypted with AES-256-GCM.
Per-Tenant Isolation
Each tenant lives in its own database — physical isolation, not just row-level.
Daily Encrypted Backups
30-day retention by default, with download + dry-run restore for SAs.
Audit Logs
Every material mutation is recorded with user, timestamp, IP, and module.
RBAC + Manager PIN
Granular roles per branch + signed manager-override tokens for sensitive POS actions.
Operational practices
Authentication
- Bcrypt-hashed passwords (cost factor 10)
- JWT-based sessions with revocation cache
- Forced logout on permission changes
- Optional manager PIN for POS overrides
Code & infrastructure
- Static analysis + dependency audits before each release
- TypeScript strict-mode across the frontend
- Read-only guards on subscription-expired tenants
- All secrets in environment variables, never in source
Incident response
- 24-hour disclosure to affected tenants
- Postmortem published within 7 days
- Backup-restore drills tested monthly
- Direct line to engineering for critical issues
Compliance
- GST-rule compliant invoice generation
- PCI-out-of-scope: payments via Razorpay
- Data hosted in India
- Subject to Indian data protection law
Report a security issue
If you believe you've found a security vulnerability, please email security@meldtecho.com with the details. We acknowledge within one business day.
We do not currently run a paid bug bounty, but every responsibly-disclosed report is credited in our security acknowledgements.
Get Started in Minutes
Join 100+ Indian SMEs on Biliqo. 15-day free trial — no credit card required.