Trust & security
Basil is built for regulated, high-volume operations—GST records, inventory, CRM, and payments touch sensitive business data. This page summarizes how we think about security and privacy at a product level; contractual terms live in our legal documents.
Data residency & processing
Basil India production workloads are operated with Indian retail and restaurant customers in mind. We design flows so billing, inventory, and tax records stay auditable for your CA and internal finance teams.
Encryption & transport
Customer traffic to Basil is served over HTTPS. We use industry-standard TLS for data in transit. Secrets and credentials are not stored in client-side code. We recommend strong passwords and periodic access reviews for workspace admins.
Access control & least privilege
Workspaces support role-based access, store scoping, and operational workflows (POS, back office, CRM) so staff only see what they need. We recommend periodic access reviews as your team grows, especially when cashiers, managers, and HQ finance share the same tenant.
Backups, monitoring & incident response
We maintain operational monitoring and incident response practices appropriate for a cloud SaaS platform. If you experience an account issue that looks like unauthorized access, contact support immediately so we can lock sessions and investigate.
Subprocessors & integrations
Basil may use infrastructure and communications providers (hosting, email, analytics where you consent) to deliver the service. Enterprise customers can request a security questionnaire or DPA review during procurement.
Your responsibilities
- Protect staff login credentials and revoke access when people leave.
- Keep GSTIN, bank, and customer data accurate—you control what is entered at the counter.
- Use supported browsers and devices; install Basil PWA only from official domains.