AES-256 encryption. India data residency. Quarterly ethical hacking. Daily backups. Your HUID records, gold inventory, and customer data are safer with SoniERP than on any paper register.
All your data — inventory, customer records, GST invoices, gold loan details — is encrypted using AES-256, the same standard used by global banks. Data in transit is protected by TLS 1.3.
Every quarter, certified ethical hackers conduct a Vulnerability Assessment and Penetration Test (VAPT) on our entire platform — API, frontend, mobile app, and infrastructure.
Every staff member's access is governed by role-based permissions (Owner, Manager, Salesperson, Accountant). Multi-factor authentication prevents unauthorised access even if passwords are compromised.
Your store data is backed up automatically every 6 hours. Daily snapshots are retained for 30 days, and weekly archives for 12 months — complying with India's 7-year GST record retention requirement.
All your data is stored exclusively in AWS Mumbai (ap-south-1), within India's borders. We do not transfer your data internationally. Compliant with the Digital Personal Data Protection Act, 2023.
SoniERP runs on a multi-availability-zone deployment with automatic failover. If one zone has issues, traffic automatically routes to healthy zones — no downtime, no data loss.
Found a security vulnerability? We appreciate responsible disclosure and reward it. Email us at security@sonierp.in with details. We respond within 24 hours and offer bounties for valid critical and high severity findings.
Yes. Your HUID codes, inventory weights, and product details are encrypted at rest using AES-256 and can only be accessed by authenticated staff with appropriate RBAC roles. We never share or sell your data.
Only you and staff members you explicitly grant access to. SoniERP staff can only access anonymised system metrics — never your store's inventory, customer, or financial data, unless you open a support ticket and explicitly authorise us.
We have a 72-hour breach notification policy. If any security incident affects your data, we will notify you via email and WhatsApp within 72 hours with full details and remediation steps, as required by the DPDP Act, 2023.
Yes, always. Go to Settings → Data Export to download your complete store data as CSV, JSON, or PDF. Your data is yours. We will never hold it hostage.
We are currently undergoing SOC 2 Type II certification (expected Q4 2026). Our security practices already meet SOC 2 requirements — certification is the formal audit process.
Our security team responds within 24 hours. We speak jeweller, not jargon.