Enterprise-grade infrastructure. Per-user tenant isolation. Full audit logging. The right to export or delete everything, anytime. No gatekeeping. No hostage data.
HaraPro doesn't roll its own infrastructure. We run on providers whose security posture is audited independently and deployed at planet scale.
Data and compute run on Google Cloud Platform and Firebase. Google's cloud infrastructure holds SOC 1/2/3, ISO 27001/17/18, PCI DSS, HIPAA, and FedRAMP — the most comprehensive security certifications available. Firebase Authentication backs every login.
Every bank connection runs through Plaid, the same integration layer used by Venmo, Robinhood, and Chime. HaraPro never sees your bank password. OAuth tokens are stored encrypted; we receive only the transaction data you authorize.
Subscription billing runs through Stripe (PCI DSS Level 1). HaraPro never stores your credit card number — Stripe holds a token. Change your card anytime in-app; the update goes directly to Stripe's vault.
TLS 1.3 for every request in transit. AES-256 encryption at rest — including every document in your File Vault. Database-level field encryption for tax IDs and sensitive identifiers. No exceptions.
HaraPro is a multi-tenant platform architected for strict per-user isolation at every layer.
Database-level row isolation. Every record in HaraPro — transactions, entities, documents, estate records — is tagged with a tenant ID enforced by Firestore security rules. Queries that don't match the authenticated user's tenant ID return nothing. No exceptions.
Per-tenant document storage. Every File Vault document is stored in a tenant-scoped bucket with signed URL expiration. Access tokens are minted per-request and expire in minutes.
AI classification learns globally but answers locally. Our 4-layer AI memory system uses anonymized pattern data at the global layer, but your transactions, categories, and personal tags never leave your tenant.
Multi-user, scoped access. Invite your spouse, CPA, or advisor with role-based permissions (owner, admin, member, viewer). Each user sees exactly what you grant — nothing more.
HaraPro tracks every meaningful event in your tenant — in-app and server-side.
The last 500 actions in your tenant are visible in-app with one click. See who did what, when, and from where.
Beyond the in-app 500, we retain full server-side logs for the life of your account. On request, we'll provide a complete audit export for compliance or legal needs.
No lock-in. No "contact support to retrieve your records." No hostage fees on the way out.
Full CSV export of every entity, transaction, document, and estate record. No gatekeeping. No "contact support."
Close your account and every record — transactions, documents, estate data — is permanently removed within 30 days. We keep no shadow copies.
GDPR-compliant deletion workflow for users and their dependents. Full audit trail of the deletion itself.
Every document you upload is stored encrypted (AES-256) with full version history. Re-upload a revised trust or POA and the original is preserved. Roll back to any version. Download the entire vault anytime.
Firebase Authentication backs every sign-in, with additional layers on the roadmap.
Sign in with your existing Google account. OAuth 2.0 authorization, no passwords stored by HaraPro.
Firebase-backed password authentication with strength requirements, breach detection, and recovery flows.
Time-based one-time passcodes via authenticator app (Google Authenticator, Authy, 1Password). Optional now, enforceable at the tenant level.
For Partner and Enterprise tier customers — integrate with Okta, Azure AD, Google Workspace, or your own identity provider.
Most SaaS vendors slap a "SOC 2 compliant" badge on their marketing the minute they start the audit. We don't.
HaraPro is actively undergoing SOC 2 Type II audit with expected completion in Q4 2026. Until the final report is signed, we won't claim the badge. When it is, we'll link the attestation here directly.
We'd rather be trusted than look certified. Our infrastructure already meets the controls required — we're just waiting for the independent attestation to say so.
We take security reports seriously. Email us with details — we triage within 24 hours, acknowledge within 48, and fix critical vulnerabilities as a top priority. We credit researchers (with their permission) on our disclosure page.
Email security@harapro.com

Start free. See the infrastructure in action. Export your data anytime. Your finances, your call.