Security at Shally

Your business data is our highest priority.

Last updated: June 2026

Encryption

  • In Transit: TLS 1.3 with 256-bit AES encryption. HTTPS enforced.
  • At Rest: AES-256 encryption for all stored data and backups.
  • Passwords: Bcrypt with 12 salt rounds. Never stored in plain text.
  • API Keys: AES-256 encryption in isolated key vaults.

Infrastructure

  • Cloud: Amazon Web Services (AWS) with industry-leading certifications.
  • Data Center: Mumbai (ap-south-1) with automatic failover.
  • File Storage: AWS S3 with server-side encryption and private bucket policies.
  • Uptime: 99.9% SLA with real-time monitoring.

Data Protection

  • Multi-Tenant Isolation: Logical isolation per customer. Cross-tenant access impossible by design.
  • Backups: Automated daily backups with 30-day retention.
  • Data Portability: Export all data in CSV/JSON at any time.
  • Deletion: All data permanently deleted within 30 days of account termination.

Access Control

  • RBAC: Granular roles from Viewer to Workspace Owner with module-level control.
  • Authentication: HMAC-SHA256 tokens with automatic session expiry.
  • Rate Limiting: Database-backed rate limiting with auto-lockout on failed attempts.
  • Audit Logging: Complete trail of administrative actions and security events.

Compliance

  • GDPR: Compliant with General Data Protection Regulation.
  • Indian IT Act: Compliant with IT Act 2000 and IT (Security Practices) Rules 2011.
  • Tax & Locale: Workspaces configure their own tax conventions (VAT, GST, sales tax), currency, and date formats.
  • PCI DSS: Payments via Razorpay/Stripe (PCI DSS Level 1). We never store card details.

Report a Vulnerability

Responsible disclosure to:

security@shally.io