Security & Privacy
Easedesk security overview — how we protect your data
Encryption at rest and in transit, India data residency, daily backups, role-based access, audit logs, and how Easedesk handles your business data.
Quick answer
Easedesk encrypts all data in transit (TLS 1.3) and at rest (AES-256). Data is hosted in India (Mumbai region). We take daily encrypted backups with 90-day retention. RBAC + audit logs + session controls protect against unauthorised access. Annual third-party security audit.
Encryption
All data in transit uses TLS 1.3. All data at rest (PostgreSQL + R2 file storage) is encrypted with AES-256 keys managed via our cloud provider's KMS.
Data residency
Easedesk hosts in the India region (Mumbai). Your business data never leaves India unless you explicitly enable export to an offshore tool. This is critical for India's data localisation expectations (DPDP Act, RBI rules for fintech).
Backups
Daily encrypted backups with 90-day retention. Point-in-time recovery to any second in the last 7 days. We test restore monthly.
Access control
RBAC (Role-Based Access Control) governs every action. 9 predefined roles + custom roles + per-user department scoping. Owner-only actions: billing, ownership transfer.
Audit logs
Every create/edit/delete/login is recorded with user, IP, timestamp and module. Available under Audit Log — exportable for statutory audit.
Third-party audit
Annual penetration test by an independent CERT-In empanelled firm. Findings + fix status available on request under NDA.
Frequently asked questions
Is Easedesk SOC 2 certified?
Where is my data stored?
Who at Easedesk can see my data?
What about employee data and DPDP Act?
Related articles
Still have questions?
Use the AI Assistant inside Easedesk (it has access to your data), or reach our team.
Contact support