§ Security · Reviewed quarterly

Plain-spoken, technically honest.

No marketing puff. Below: how we protect your data, what we're certified for, what we're working on, and how to report a vulnerability.

Six pillars

I

Your books stay with you

Fintroller runs on your machine. Your accounting data is read over your own office network — not uploaded to someone else's cloud.

II

Bank connections you control

Bank statements arrive through the RBI-regulated Account Aggregator framework. Your bank shows you its own consent screen — we never see your password or OTP, and you can revoke any time.

III

You hold the signature

Filings are signed with your own digital-signature token, on your machine. No third party signs on your behalf; nothing is submitted without you.

IV

Audit trail on everything

Every action — agent or human — is logged with timestamp, actor, and rationale. Exportable for ICAI or any statutory review.

V

Encryption everywhere

TLS 1.3 in transit. AES-256 at rest. Per-tenant key isolation. No shared encryption surface.

VI

No model training on your data

We never use your books to train models. Customer data is contractually walled off from our research stack.

Certifications

Where we are. Where we're going.

SOC 2 Type II · Independent audit underway · In progress
ISO 27001 · ISMS framework operational · In progress
DPDP Act 2023 · Indian data protection from day one · Compliant
GDPR · For EU customers and processors · Compliant
Signed releases · Desktop builds signed and notarised · Active
Bug bounty · ₹50,000 to ₹5,00,000 per finding · Active

Bug bounty

Report a vulnerability.

We pay between ₹50,000 and ₹5,00,000 per valid finding, depending on severity. Send a detailed report to security@fintroller.com with reproduction steps and impact analysis. We respond within 24 hours.

Critical · ₹3,00,000 – ₹5,00,000
High · ₹1,00,000 – ₹3,00,000
Medium · ₹50,000 – ₹1,00,000
Low · ₹10,000 – ₹50,000