Your financial data deserves bank-grade protection

We handle sensitive financial data every day. Here's exactly how we protect it — and why you can trust HaraPro with your business.

🔒
AES-256 Encryption
Data at rest
🔐
TLS 1.3
Data in transit
🛡️
SOC 2
In progress
💳
PCI Compliant
Via Stripe

Infrastructure Security

HaraPro runs on Google Cloud infrastructure through Firebase, the same platform trusted by millions of apps worldwide.

☁️ Google Cloud Platform

All data is stored on Google Cloud's infrastructure, which maintains ISO 27001, SOC 1/2/3, and FedRAMP certifications. Data centers are physically secured with 24/7 monitoring.

🔒 Encryption at Rest

All stored data is encrypted using AES-256 encryption. Your financial data is never stored in plain text — even our own engineers cannot read it without authorization.

🔐 Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3, the latest transport layer security protocol. No data travels unprotected.

🌐 Global CDN

Content is served through Firebase Hosting's global CDN with automatic SSL certificate provisioning. Every connection is HTTPS-only — no exceptions.

Authentication & Access

We use Firebase Authentication, which powers billions of sign-ins across Google products.

🔑 Firebase Auth

Industry-standard authentication with support for Google SSO and email/password. Passwords are hashed using bcrypt — we never store them in plain text.

👥 Tenant Isolation

Multi-tenant architecture ensures each customer's data is completely isolated. One customer can never access another customer's data — enforced at the database rule level.

🎭 Role-Based Access

Team members can be granted owner, admin, member, or viewer roles. CPA/advisor access is read-only by default — they can view but never modify your data.

⏱️ Session Management

Authentication tokens expire automatically. Inactive sessions are terminated. You can sign out of all devices from your account settings.

Payment Security

We never touch your credit card. All payment processing is handled by Stripe.

💳 Stripe

All payment processing is handled by Stripe, a PCI Level 1 certified service provider — the highest level of payment security certification available.

🚫 No Card Storage

HaraPro never stores, processes, or transmits credit card numbers. Your payment information goes directly to Stripe and never touches our servers.

Our Security Commitments

We never sell your data

Your financial data is yours. We never sell it, share it with advertisers, or monetize it in any way. Period.

We never access your data without permission

Our support team can only access your data if you explicitly grant permission during a support session.

You can export or delete anytime

Your data is portable. Export everything as CSV at any time. Request full deletion and we'll remove all your data within 30 days.

We disclose all incidents

If a security incident affects your data, we will notify you within 72 hours with full transparency about what happened and what we're doing about it.

Questions about security?

Our team is happy to answer any security or compliance questions.

Contact Us