3ABiz

Last updated June 15, 2026

Data Security Policy

Tenant isolation

Every protected business workflow in 3ABiz verifies authenticated user identity and active tenant membership before reading or writing any business data. Cross-tenant data access is not permitted in feature code. Any platform-owner administrative access to multiple tenants is an explicitly designed, separately audited workflow with restricted access.

Role-based access control

Access within a tenant is governed by assigned roles (OWNER, MANAGER, STAFF, ACCOUNTANT). Owner-only routes such as billing, platform settings and user management enforce server-side role checks. MANAGER and STAFF access is limited to permitted workflows and assigned records. Accountant access is scoped to assigned firms and GSTINs only.

Authentication

All protected app routes require a verified, authenticated session. Authentication is managed through the configured auth provider. Session tokens and credentials are never stored in source code, public environment variables or application logs. Users are responsible for maintaining the security of their login credentials.

Audit logs

Important financial, export, billing, support and platform-owner actions are recorded in audit logs. Audit log entries include the action, actor, tenant, timestamp and relevant record identifiers. Audit logs are tenant-scoped and are available to authorised users for review.

Private document storage

Production document, import file and backup storage uses private storage buckets. Files are not publicly accessible. File access is permission-checked before signed URLs or downloads are issued. Temporary signed URLs are time-limited and scoped to the authorised user's tenant.

Encrypted backups

Production database backups are stored in encrypted form where the cloud provider supports it. Backup health is monitored and restore procedures are tested before public launch. To prevent accidental or unauthorised data overwrites, one-click production restore is not exposed in the application.

AWS India-region document storage policy

3ABiz is designed to use AWS India-region infrastructure for production application data and private business documents where configured. Production document storage is intended to remain in the AWS India region according to the configured deployment policy.

Least-privilege access

Platform and admin users are granted access only to what is required for their defined role. Internal tooling, deployment workflows and CI/CD pipelines use least-privilege access policies. Production credentials, API keys and secrets are stored only in environment variables or encrypted deployment secret stores and must not appear in source code, logs or public configuration.

Security monitoring

3ABiz monitors for failed login attempts, failed payments, backup health, system errors and unusual high-usage activity. Security events trigger internal alerts. Platform-owner visibility into these signals is limited to authorised internal access.

User responsibilities

Users share responsibility for the security of their accounts. You are responsible for:

  • Keeping your account password and credentials secure
  • Not sharing login details with unauthorised persons
  • Adding only authorised users, staff and accountants to your tenant
  • Logging out from shared or public devices
  • Promptly reporting suspected unauthorised access to your account

Accuracy of business data and outputs

Security controls protect your data from unauthorised access, but they do not validate the accuracy of data entered by users. Tax calculations, invoice totals, GST summaries, reports and exports are generated from the data entered into the platform. 3ABiz does not independently verify GSTINs, HSN codes, tax rates, place of supply, quantities, prices or other business information. Incorrect input produces incorrect output. Users are responsible for verifying all outputs before use for filing, audit, statutory decisions or external sharing. For full liability and verification responsibilities, see the Disclaimer and Terms and Conditions.

Incident reporting

If you suspect a security incident, unauthorised access or a data breach involving your account, contact us immediately at: [INSERT SECURITY / GRIEVANCE EMAIL]. We will investigate and respond in accordance with applicable law and notify affected users and authorities where required.

Limitation of security safeguards

Security safeguards reduce risk but cannot eliminate all risks. No method of electronic transmission or storage is completely secure. 3ABiz uses reasonable safeguards appropriate for a cloud-based SaaS service. In the event of a confirmed breach, 3ABiz will take steps to contain the incident, investigate the cause, notify affected parties and report to relevant authorities as required by applicable Indian law.

3ABiz is a product by 3A Innovation.