Security

Security at Cyntrova

Protecting invoice data, client records, and accounting workflows

Built to handle invoices, GST data, and client workflows — without compromising control or safety.

Data protection Client isolation Export control
Protection
Encrypted handling, controlled access, and isolated client workspaces
Control
Nothing is pushed automatically. You review and export manually.
Contact
cyntrova@gmail.com

Security Controls Snapshot

Security posture is built for high-trust CA firms. Defense-grade safeguards are active today, while additional financial-grade control targets are rolled out in verified hardening sprints.

Identity Shield
Zero-trust authentication gates

Protected APIs are enforced with authenticated identity checks so request-level access is controlled, not assumed.

Tenant Isolation
Per-firm and per-client boundaries

Records are scoped with ownership filters to keep one firm's data isolated from every other workspace.

Transport + Storage
Encrypted flow with controlled file access

Invoices move through encrypted channels, and file access can be constrained with signed, time-bound retrieval patterns.

Real-time Channel
User-scoped live event delivery

Live updates are routed by authenticated user channels rather than global broadcast streams.

Abuse Defense
Rate-limits and payload controls

Upload throttles, auth rate-limits, and strict file constraints reduce abuse surface before it reaches processing layers.

Auditability
Traceable operations for finance teams

Operational logs and monitored error pipelines help teams investigate anomalies fast and prove who approved what.

Data Protection

  • All data is encrypted in transit (HTTPS).
  • Stored securely in cloud infrastructure.
  • Access restricted to authorised users only.

AI Processing Safety

  • Invoices are processed within controlled pipelines.
  • Data is used only for extraction and validation.
  • Never used to train public AI models without consent.

Access Control

  • Secure login required for all access.
  • Session-based authentication.
  • Users only see their own data.

Client Data Isolation

  • Each client has a separate workspace.
  • No cross-client data mixing.
  • Correct data shown to correct user context.

Export Control

  • Nothing is pushed automatically.
  • You export and import into Tally manually.
  • Full control over what goes into your books.

Operational Guarantees

  • Nothing enters Tally silently or through hidden background push.
  • Your team reviews flagged invoices first, then approves or edits before export.
  • No silent changes are applied to accounting books in the background.

Data Deletion

  • Invoices can be deleted anytime.
  • Data removed from active systems after deletion.
  • No reuse of deleted data.

Infrastructure Security

  • Protected APIs and backend systems.
  • Request validation and abuse prevention.
  • Designed to prevent unauthorised access.

Important

No system is 100% secure.

  • Cyntrova is built with strong safeguards, but users must also protect their login credentials and review exports before use.

Contact

For security questions or issues: cyntrova@gmail.com