Trust
Security by design, not by promise.
We protect your residents' data the way we'd want our own protected.
Data protection
- Built to align with India's Digital Personal Data Protection Act, 2023 (DPDP Act). Our privacy policy enumerates the data collected, the purposes, the retention periods, and data-subject rights.
- Data is hosted in the Asia-Pacific (Supabase ap-south region) — no cross-border transfer required.
- Encryption in transit (TLS 1.2+) and at rest (AES-256) for all stored data.
Access control
- Four roles, scoped exactly: Super Admin, RWA Admin, Counsellor, Resident.
- Residents never see admin pages. Admins never see other societies. Counsellors never see your finances.
- Multi-factor authentication required for Super Admin and Counsellor accounts.
Database isolation
- Every multi-tenant table has Postgres Row-Level Security (RLS) policies enforced at the database layer — not just the application layer.
- A query scoped to one society cannot return rows belonging to another society — the database enforces this even if the application code has a bug.
- Tested with cross-society isolation E2E tests on every release.
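As an added illustration of the isolation described above (example code, not RWA Connect's own schema or policies), the following Postgres SQL defines a minimal two-tenant layout and the RLS policies that keep one society's rows invisible to members of another, followed by the kind of cross-society check an E2E test would run. The table names, the `society_members` mapping, and the helper function are assumptions for this example; `auth.uid()` and the `authenticated` role are Supabase's built-ins, and the `request.jwt.claims` setting used to simulate a logged-in user is the one Supabase's `auth.uid()` reads from.

```sql
-- Added example: multi-tenant isolation with Row-Level Security.
-- Assumed schema (not the product's): one membership table, one tenant-scoped table.
create table if not exists society_members (
  user_id    uuid not null,            -- Supabase auth user id
  society_id uuid not null,
  role       text not null check (role in ('super_admin', 'rwa_admin', 'counsellor', 'resident')),
  primary key (user_id, society_id)
);

create table if not exists residents (
  id         uuid primary key default gen_random_uuid(),
  society_id uuid not null,
  full_name  text not null,
  flat_no    text
);

-- RLS is enforced at the database layer; FORCE applies it to the table owner as well,
-- so an application role that owns the table cannot bypass it by accident.
alter table residents enable row level security;
alter table residents force row level security;

-- Helper: societies the calling user belongs to. SECURITY DEFINER lets the policy read
-- society_members even when that table has its own RLS; the fixed search_path prevents
-- function hijacking through a user-controlled schema.
create or replace function current_user_society_ids()
returns setof uuid
language sql stable security definer
set search_path = public
as $$
  select society_id from society_members where user_id = auth.uid();
$$;

-- Helper: societies where the calling user is an RWA Admin.
create or replace function current_user_admin_society_ids()
returns setof uuid
language sql stable security definer
set search_path = public
as $$
  select society_id from society_members
  where user_id = auth.uid() and role = 'rwa_admin';
$$;

-- Read policy: any member sees only rows from their own society/societies.
create policy residents_select_own_society on residents
  for select to authenticated
  using (society_id in (select current_user_society_ids()));

-- Write policy: only an RWA Admin of that society may insert/update/delete, and the
-- WITH CHECK clause stops an admin from writing a row into a different society.
create policy residents_write_admin_only on residents
  for all to authenticated
  using (society_id in (select current_user_admin_society_ids()))
  with check (society_id in (select current_user_admin_society_ids()));

-- Cross-society isolation check, as an E2E test would run it (constructed ids).
-- Assumption: auth.uid() reads the 'sub' claim from request.jwt.claims.
begin;
  insert into society_members values
    ('11111111-1111-1111-1111-111111111111', 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', 'resident');
  insert into residents (society_id, full_name) values
    ('aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', 'Resident of society A'),
    ('bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', 'Resident of society B');

  set local role authenticated;
  set local request.jwt.claims =
    '{"sub":"11111111-1111-1111-1111-111111111111","role":"authenticated"}';

  -- Expected: 1 row (society A only); society B's row is filtered, not merely hidden by app code.
  select society_id, full_name from residents;

  -- Expected: 0 rows, even though the query explicitly asks for the other society.
  select count(*) from residents
  where society_id = 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb';
rollback;
```

The test at the end is the important part: it asks the database directly for another tenant's rows while impersonating a resident, and a release gate should fail if that count is ever non-zero. Two caveats a reviewer would check on any RLS setup: a table with RLS enabled but no policies returns nothing rather than everything (so a missing policy shows up as a functional failure, not a data leak), and any connection using a superuser or a role with `BYPASSRLS` ignores these policies entirely, so service-role credentials must never reach client code.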
Operations
- Daily encrypted backups via Supabase Pro — point-in-time recovery available.
- Production errors surface in Sentry within seconds — we know about issues before users report them.
- Rate-limited login and forgot-password flows to resist brute-force attacks.
Compliance posture
- DPDP Act 2023 — privacy policy enumerates data-subject rights (access, correction, erasure, nomination). Self-service DSAR (data subject access request) flows are on the roadmap; today, residents request via their RWA Admin or via support.
- Information Technology Act 2000 — data privacy and security obligations.
- RBI / NPCI rules for any UPI surface — your money never transits our systems in the UPI claim flow.
- Note: We are DPDP-aligned, not formally certified. Our gap list (consent record metadata, self-service DSAR, breach-response runbook, named DPO) is published with each release. Email security@rwaconnect.in for the current status.
Responsible disclosure
- Found a security issue? We want to know.
- Email security@rwaconnect.in with details — we acknowledge within 48 hours.
- We don't pursue legal action against good-faith researchers.
Want a deeper dive (data flow diagrams, architecture, audit reports)? Email security@rwaconnect.in — we'll send a security pack under NDA.