Back to Home

    Security & data ownership

    Vasool handles borrower KYC, collections, and cash — so security is foundational, not a feature. Here's exactly how your data is protected, and what you control.

    Zero
    Cross-tenant data access
    Your own
    Database & server
    TLS
    Encrypted in transit
    Full
    Audit trail per record

    You own your data. We never store it centrally.

    Each tenant's data lives in its own database on infrastructure you provide or designate — even a server in your own office. We provide the software; you hold the data. There is no shared, central store that a single breach could expose across lenders.

    Data protection & isolation

    Your borrowers' data stays yours — separated, encrypted, and on infrastructure you control.

    Tenant data isolation

    Each finance company runs in a completely separate database and storage. No tenant can reach another tenant's data under any circumstances.

    You control the infrastructure

    Data lives on servers you provide or designate. Vasool doesn't own or centrally store it — so one breach can never span multiple lenders.

    Encrypted in transit

    All communication is secured with TLS/SSL using industry-standard protocols, from the field app to the office dashboard.

    Storage limits & monitoring

    Per-tenant storage quotas with real-time usage monitoring keep resource use accountable and predictable.

    Identity & access

    Only the right people reach the right data — down to a single action.

    JWT authentication

    Short-lived access tokens with rotating refresh tokens. Every session is cryptographically signed and validated on each request.

    Unified login

    A single secure authentication gateway for admins and staff — fewer credential stores, a smaller attack surface.

    Biometric login

    Fingerprint and face-recognition unlock on the mobile app protects a field agent's device even if it is lost or stolen.

    Role-based access control

    Granular, custom roles per resource and action. Owners decide exactly what each staff role can view, create, edit, or delete.

    Monitoring & resilience

    Every change is recorded, and abuse is kept out.

    Full audit trail

    Every edit is tracked — who changed what, when, and from where — with complete entity-level history for compliance and disputes.

    Bot & attack protection

    Known crawlers, vulnerability scanners, and common attack paths are detected and blocked automatically.

    Rate limiting

    Per-endpoint limits defend against brute-force attempts, credential stuffing, and API abuse, keeping the service stable under load.

    Distributed tracing

    Full request tracing across services surfaces performance issues and suspicious patterns fast.

    Being straight with you: Vasool gives you strong technical controls and full data isolation today. Formal certifications (SOC 2, ISO 27001) and RBI-aligned compliance modules (CKYC, credit-bureau reporting) are on our roadmap — Vasool supports your compliance, it doesn't replace your obligations as the lender.

    Responsible disclosure

    Found a security issue? Report it privately and we'll fix it fast. We acknowledge every report within 48 hours.

    Please include a clear description, steps to reproduce, and any supporting evidence.