Security & Privacy

Data Security & Privacy at Digital CFO®

We guard your books like a dragon guards treasure

Microsoft Azure’s infrastructure on which IDOS is hosted is designed from facility to applications for hosting millions of customers simultaneously, and it provides a trustworthy foundation upon which businesses can meet their security requirements. Further, Azure facilitates multiple configurable security variants with control function. This enables organisations to select need-based security features.

At the option of the customers and subject to conditions, IDOS would be able to host the application on other trusted, secure and scalable cloud infrastructures.

IDOS by default denies access to customer data to operations and support personnel. When access to data related to a support case is granted, it is only granted using a just-in-time model using policies that are audited and we grant the least privilege that is required to complete the support task and audit of such access is conducted and a log maintained for every such support task. Prior written request and approval of the customer is mandatory even for taking up and managing the support task.

Our Promise

How We Use Your Information

Purpose

What it means for you

Deliver core functionality
We use only the data we need to post transactions, generate reports, and keep your ledgers pristine.
Maintain & improve
Outage tracking and troubleshooting make the app faster and sturdier each day.
Create new features
Usage patterns (e.g., most-clicked reports) inspire slicker screens with fewer clicks.
Personalise your experience
Context-aware menus, branch-specific views, and smart defaults are tailored to your business, not someone else’s.

When We Share Data (Never without your consent)

You say so
Explicit, revocable user consent (e.g., sending specific information to your banker for loans, invoice discounting and other credit products and services based on YOUR REQUEST AND CONSENT).
The law insists
Only if required to:
  • meet a valid legal request
  • enforce our Terms of Service
  • detect or prevent fraud or security threats

Defence-in-Depth Security

Layer

What we do

Access control
Two-factor authentication (OTP via SMS) keeps gate-crashers out.
Data in transit
100% encrypted using TLS/SSL (HTTPS from browser to Azure).
Data at rest
Full-disk and field-level encryption—locked even when the server naps.
Key management
Secrets reside in Azure Key Vault; only vetted engineers can touch the vault (and they’re on a very short leash).
Hosting fortress
Deployed on Microsoft Azure’s ISO 27001 & SOC-compliant infrastructure.
Continuous monitoring
Real-time alerts and 24×7 SOC oversight mean we see trouble before it knocks.

Data Lifecycle & Retention

Status

Where it lives

How long

Active
Primary application database
Up to 8 years
Inactive
Long-term encrypted archive
Years 8 – ∞ (reg-compliant)
Disabled
User-deleted records, stored encrypted in long-term archive
Same retention as “Inactive” for audit defence

Business Continuity & Back-ups

Nightly encrypted backups live in separate Azure regions, ensuring your books survive power cuts, zombie apocalypses, and everything in between.

Governance & Accountability