Security

Audit log + access posture

Every privileged action, every login from a new IP, every export. Retained for 7 years per DPDP record-keeping requirements.

MFA enforced

100%

of paid users

Admin sessions, 30d

all from allowlisted IPs

Suspicious activity flags

last 30 days

Audit log, recent

Timestamp (UTC)	Actor	Action	Entity	Count	IP
2026-05-25T07:00:14Z	system	insight_generation_run	insights	10	internal
2026-05-25T06:42:08Z	system	email_sync	email_accounts:4	240	internal
2026-05-24T18:14:00Z	[email protected]	login	session	1	157.245.xx.xx (Mumbai, IN)
2026-05-24T07:01:08Z	system	notification_dispatch	notifications:8	8	internal
2026-05-23T14:22:42Z	[email protected]	tax_export	tax_year_summaries:2025	1	103.218.xx.xx (Mumbai, MH)
2026-05-23T09:08:14Z	[email protected]	impersonate	user:u_001	1	157.245.xx.xx (Mumbai, IN)