Security posture
Security & Data Protection
Architecture
- Per-tenant SQL database. Every customer runs on a dedicated database — no shared-schema multi-tenancy.
- Encrypted GST e-invoicing. The IRN payload sent to the government e-invoicing portal is encrypted end-to-end with industry-standard encryption.
- TLS 1.2+ for all HTTP traffic. HSTS enforced.
- Antivirus scanning on every file uploaded to the platform.
- Row-level auditing is enabled across almost every record in the product, automatically capturing who, when, and what changed.
Authentication
- OAuth 2.0 SSO via Google Workspace and Microsoft 365.
- Granular role-based permissions with module-level and feature-level gates.
- Hierarchy access graph for manager / rep visibility.
- Branch- and company-level scoping for multi-entity tenants.
Data residency
Customer tenant data is hosted on servers in India. No cross-border transfers without explicit written consent.
Reporting a vulnerability
Email connect@upgearcrm.com with the subject "Security disclosure". We triage within 24 hours and aim to resolve high-severity reports within 7 days.
A detailed security white paper for enterprise procurement reviews is available on request.