Ketpy Book
Trust & Security

Your data, encrypted, in India, backed up daily.

We earn the trust your CA places in us by treating your books like our own.

At a glance

Built on strong defaults.

🔐

AES-256 + TLS 1.3

Data encrypted at rest with AES-256 (database + storage). All transit over TLS 1.3 with HSTS preload.

🇮🇳

India data residency

Hostinger Mumbai region. Daily backups stored in same jurisdiction. No data leaves India.

🔄

14-day rotated backups

Automated DB + storage backup at 03:00 IST nightly. Encrypted ZIPs. 14-day retention with point-in-time restore.

👥

Role-based access

Owner, Accountant, Staff roles with least-privilege defaults. Per-user audit trail.

🔑

Strong auth

Argon2id password hashing. 6-digit email OTP for tenants. Mandatory TOTP 2FA for super-admins.

📜

Audit log everything

Every login, status change, refund, plan switch, feature override, impersonation event — append-only audit_logs table.

🚦

Rate limited everywhere

Login (5/min/email), admin login (3/min/IP), OTP (3/min), webhook (120/min) — distributed buckets.

🛡

OWASP-ready headers

X-Content-Type-Options (X-CTO), X-Frame-Options, Permissions-Policy, HSTS preload, Content-Security-Policy report-only.

⚙️

Hourly platform smoke

platform:smoke artisan command runs every hour — DB integrity, ledger invariant, AR reconciliation.

Compliance roadmap

Where we are + where we're going.

| Standard | Status | Details |
|---|---|---|
| DPDP Act 2023 (India) | Compliant | Data fiduciary obligations followed; data principal rights respected via Settings → Data export/delete. |
| ISO 27001 | Targeting Q4 2026 | Internal ISMS in place; auditor engagement underway. |
| SOC 2 Type II | Targeting 2027 | On the roadmap once we cross 10K active tenants. |
| GSTN GSP empanelment | Mock-only today | IRP/EWB use mock adapter on local; production NIC integration onboarding-gated per tenant. |
| Razorpay PCI compliance | Inherited | We never see card data — Razorpay-hosted checkout PCI-DSS Level 1. |

Found a vulnerability?

Responsible disclosure.

Report to team@ketpy.com with PGP encryption preferred (key fingerprint BA21 0A88 ... on request). We respond within 48 hours and credit the researcher in our hall of fame.

No bug bounty (yet) · Safe-harbour for good-faith research · No public disclosure for 90 days

Trust the platform that's transparent about how it's built.

Lite ₹499/year · Pro ₹1,199/year · 30-day refund — try every report, every export.

📱

About the Ketpy Book App

A lightweight installable app for tenant access. Works on Android, iOS, Windows, macOS and Linux.

🔒 Safe by design: a PWA cannot read other apps' data or run code outside your browser sandbox. There are no security violations.
⏱ Heads up: install can take up to 30 seconds. Don't panic — the Ketpy Book icon will appear in your app drawer / home screen within 30 seconds of confirming.
