Security

Enterprise-Grade Security

FOHMSS ERP is built with security as a foundation — not an afterthought. Multi-tenant isolation, RBAC, encryption, audit logs and daily backups protect your business data.

Security Architecture

Your data is protected at every layer

FOHMSS uses defence-in-depth — multiple independent security layers so no single failure can expose your business data.

Multi-Tenant Isolation

Every company gets its own dedicated SQLite database. Your data is physically separated from all other tenants — not just filtered by a query. Zero cross-tenant leakage by design.

Isolated DB · Per-tenant · Physical separation

Role-Based Access Control

7 roles: Super Admin, Account Owner, Company Admin, Manager, Finance Manager, Sales Manager and Staff. Every route, every module and every field is permission-controlled at the code level.

RBAC · 7 Roles · Field-level

Encryption

AES-256 encryption at rest. TLS 1.3 for all data in transit. Bcrypt password hashing with salt. Session cookies are HttpOnly, Secure and SameSite-protected against CSRF attacks.

AES-256 · TLS 1.3 · Bcrypt

Audit Logs

Every sensitive action is logged — who did it, when and from which IP. WORM-protected audit trail with 7-year retention. Tamper-evident proof chain for all financial records.

WORM · 7-year trail · Tamper-evident

Daily Backups

Automated daily encrypted backups for every tenant database. Backup integrity verified automatically after each run. Point-in-time recovery available within 7 days.

Daily · Encrypted · Verified

Fraud Detection

AI-powered fraud detection monitors order patterns, payment anomalies and suspicious marketplace activity. Automatic risk scoring for Meesho and Flipkart orders. Real-time alerts to your team.

AI fraud · Risk scoring · Real-time

Security checklist

  • HTTPS / TLS 1.3 on all endpoints
  • HttpOnly + SameSite session cookies
  • CSRF protection on all POST routes
  • SQL injection prevention (parameterised queries)
  • Multi-tenant DB isolation (separate DB per company)
  • Role-based access on every route
  • Field-level permissions on sensitive data
  • Bcrypt password hashing with salt
  • 8-hour session timeout
  • Comprehensive audit logs on sensitive actions
  • Daily encrypted backups with verification
  • No hardcoded credentials in codebase
  • Data hosted in India (GCP Mumbai)
  • DPDP Act 2023 compliant

Infrastructure

  • Cloud: Google Cloud Platform, Mumbai (asia-south1)
  • OS: Ubuntu LTS with automatic security patches
  • Firewall: GCP VPC with restrictive ingress rules
  • Monitoring: Real-time observability with alerting
  • Uptime SLA: 99.5% monthly target
  • Status: fohmss.in/status

Legal compliance

FAQ

Security questions we hear often

Is my data shared with other FOHMSS customers?

Never. Each company has its own completely separate database. Your orders, invoices, employees and financial data are physically isolated from all other customers — not just filtered by a query condition.

Where is my data stored?

All data is stored exclusively on Google Cloud Platform in the Mumbai region (asia-south1), within India. No data is transferred to or stored on servers outside India.

What happens if there is a data breach?

We notify affected customers within 72 hours as required by DPDP Act 2023. We also report to the Data Protection Board of India as required by law. Our incident response plan ensures containment within 4 hours.

Can I export or delete my data?

Yes. Export your complete data at any time from your account settings. Submit a deletion request at fohmss.in/legal/data-deletion — completed within 30 days.

Security questions? We answer everything.

We are happy to answer detailed security and compliance questions before you sign up.
