Your sales data, safer than your inbox.
India-hosted, encrypted, RLS-isolated. Your customer pipeline is the most sensitive thing in the business — we treat it that way.
Encrypted in transit and at rest
TLS 1.2+ on every connection. AES-256 encryption at rest for the Postgres data layer.
India-hosted Postgres
Lead data lives in a Mumbai-region Supabase Postgres cluster. Backups stay in-region.
Row-Level Security
Every query is scoped to your organization at the database layer. RLS is enforced — not a frontend check.
Bearer JWT auth, no cookies
Tokens are validated at every API edge by Cloudflare Workers. No cookie-session ambiguity, no CSRF surface.
Audit logs
Every login, score override, role change and bulk action is logged with user, IP and timestamp. Exportable.
Indian data residency
Lead and conversation data does not leave Indian regions. Auxiliary services (OpenNext on Cloudflare) are global by design — read more in the FAQ.
Security & compliance FAQ
Where is my data stored?
Lead, contact, deal, activity and conversation data lives in a Mumbai-region Supabase Postgres cluster with point-in-time recovery and in-region backups. We do not replicate this data outside of Indian regions.
What about Cloudflare's edge?
Pariq's app and worker run on Cloudflare's edge network. Cloudflare may terminate TLS at the nearest edge point globally — but no persistent customer data is stored at the edge. All reads/writes hit Mumbai Postgres.
Do you sub-process any data?
Yes — Supabase (database), Cloudflare (compute + CDN), Meta (WhatsApp Business API), and our LLM provider for AI scoring (input minimized to lead text and source metadata; no PII training). Full sub-processor list available on request.
How do I export my data?
Every entity is exportable as CSV from the in-app Settings page. The API also exposes paginated read endpoints for full bulk export. Data export is unrestricted — no "Pro tier" gate.
How do I delete my data?
Cancel from Settings → Billing. Data is retained 90 days for export, then permanently deleted from primary and backup storage within 30 days. Email support@pariq.in to request immediate deletion.
Are you GDPR / DPDP compliant?
Pariq is built to align with India's Digital Personal Data Protection Act (DPDP) and GDPR principles: lawful basis, purpose limitation, minimization, transparent processing, right to access/delete. We are not formally certified yet — certification work is on the 2026 roadmap.
Do you have SOC 2 / ISO 27001?
Not yet. Both are on the 2026 roadmap. Underlying providers (Supabase, Cloudflare) are SOC 2 Type II certified.
How do you handle a security incident?
Our incident response plan: detect → contain within 1 hour → notify affected customers within 24 hours → root cause + remediation report within 7 days. We publish post-mortems publicly.
Can my IT team get a security review?
Yes. Email security@pariq.in for our security & compliance pack, including architecture diagram, sub-processor list, and incident response policy.