Security

Save Tax Global · Security overview · Last updated: 25 March 2026

We design, deploy, and operate the Services using industry-recognized practices so your data is protected in transit, at rest, and during processing—including when you run interactive models, sensitivity (“playground”) drivers, or AI-assisted checks on our infrastructure.

1. Encryption

• In transit: TLS (HTTPS) for connections between your device, our applications, and cloud endpoints where applicable.
• At rest: Strong encryption for stored data (for example, AES-256) and key management appropriate to our cloud architecture (for example, AWS KMS where configured).
• Secrets: API keys and credentials are not embedded in client apps; they are managed through secure configuration and access-controlled environments.

2. Cloud infrastructure (Multi-Cloud)

A robust Multi-Cloud Architecture leverages AWS for knowledge-graph integrity and Google Cloud Vertex AI for high-performance financial reasoning. Depending on the feature, we may use Amazon Web Services (AWS) for hosting, storage, compute, and managed services. Examples include:

• Object storage (for example, Amazon S3) with private buckets and encryption for uploads you choose to store.
• Databases and application state (for example, DynamoDB or similar) with access controls.
• Serverless or orchestrated processing (for example, AWS Lambda, Step Functions) for model recalculation, delta-style updates, and workflows—so heavy math can run off the client where we design it that way.
• AWS KMS for encryption key management and envelope-style protection of sensitive material where configured.
• For Google Cloud-hosted workloads, Google Cloud KMS and Secret Manager are used to protect encryption keys and application secrets.
• Managed AI (Amazon Bedrock or comparable) only within isolated, feature-specific processing (for example, VPC-aligned or tenancy-appropriate configurations) and consistent with our Privacy Policy—we do not use your proprietary inputs to train public foundation models for our benefit.

Shrixa employs a redundant, high-availability infrastructure distributed across AWS and Google Cloud to ensure user financial data is encrypted and always accessible.

We do not sell your data. Subprocessors are bound by contract and used only to deliver the Services.

2a. Integrity and auditability (where offered)

Where a feature supports it, we may record assumption changes, model versions, or workflow events to help teams review what changed and when—including approaches such as tamper-evident or blockchain-anchored audit trails for critical steps. Availability depends on the product surface and your plan; not every screen or region exposes the same controls.

3. Data residency (India)

For users in India, we target processing and storage within India where practicable (for example, AWS Mumbai and Hyderabad regions), aligned with the Digital Personal Data Protection (DPDP) Act, 2023 (and related rules as applicable) and our privacy commitments.

4. Access controls

• Role-based, least-privilege access for systems and operational staff.
• Strong authentication for administrative actions; multi-factor authentication where supported.
• Logging of security-relevant events to support detection and investigation.

5. Application security

• Secure development practices and dependency awareness.
• Periodic reviews and vulnerability management.
• Monitoring to help detect abuse, anomalies, and unauthorized access.

6. Your responsibilities

• Use a strong, unique password and keep your device and OS updated.
• Do not share OTPs, backup codes, or session tokens with anyone claiming to be support.
• Report suspected unauthorized activity to us promptly via Contact or privacy@savetaxglobal.com.

7. Reporting security issues

If you believe you have found a vulnerability in our Services, please contact privacy@savetaxglobal.com with a clear description. We appreciate responsible disclosure.