Security & data
A bookkeeping product is only as good as the trust behind its numbers. Here is how we earn it.
The controls that matter
Approval-gated writes
No entry is saved to your books without your explicit ✅. The agent can prepare, but only you can commit.
Tamper-evident audit log
Every entry, edit, and approval is hash-chained, so the record cannot be silently rewritten. The trail you need for a 6-year IRD record.
Role-based access
Owners approve; staff capture. Permissions are enforced on the server, not just hidden in the UI.
Idempotent payments
Khalti payments carry an idempotency key, so a retried message can never double-count a sale.
Encrypted PII
Your most sensitive identifiers, like PAN and VAT numbers, are encrypted at the field level with authenticated AES-256.
Per-business isolation
Each business sees only its own books. Tenant boundaries are enforced in the database itself, not just the app.
Your data is yours
You can export your books at any time, and request deletion of your account and data. We retain the records required for tax compliance only as long as needed, in line with the 6-year IRD retention rule, and never sell your data.
Reporting a vulnerability
Found a security issue? We want to hear about it before anyone else does. Email security@hisabkitab.pro and we'll respond quickly. Please give us a reasonable window to fix it before public disclosure.