Mandira is built to be trustworthy by default. Below is a summary of the controls we operate; we are happy to share our full vendor security questionnaire on request.
1. Tenant isolation
- ◆Every trust runs in an isolated MongoDB namespace. Application-layer queries are tenant-scoped and audited.
- ◆No tenant has access to another trust's data — including counter clerks, managers and auditors.
2. Encryption
- ◆In transit: TLS 1.2+ on every endpoint, including the PWA counter, internal services and the self-hosted notification gateway.
- ◆At rest: AES-256 disk-level encryption for database storage and snapshot backups.
- ◆Secrets and API keys are stored in a managed secret store and rotated quarterly.
3. Authentication & access control
- ◆Role-based access — Admin, Manager, Counter Clerk, Auditor, Devotee — with the principle of least privilege.
- ◆Optional Single Sign-On via Google Workspace for trusts that prefer it.
- ◆Counter sessions auto-expire on idle.
4. Audit & integrity
- ◆Every counter transaction is timestamped, signed, and recorded with the clerk identity.
- ◆Append-only audit log — counter receipts cannot be silently mutated after issue.
- ◆Tamper-evident GST receipts; downloadable audit pack on demand.
5. Resilience
- ◆Counter PWA continues to operate offline; transactions sync automatically when connectivity returns.
- ◆Database snapshots every 6 hours; 30-day point-in-time recovery on Mandapa and Gopuram plans.
- ◆On-premise deployment option for trusts that want full data residency.
6. Compliance
- ◆DPDP Act, 2023 — consent management, export and erasure flows built into the devotee CRM.
- ◆GST tagging on receipts, donations and seva fees.
- ◆OWASP Top 10 review on every major release.
7. Report a vulnerability
Found something? Please email Kshethram@nexorasuncore.com with steps to reproduce. We acknowledge within one business day.