Security by Architecture
Hisaab-Pro's security model is simple and absolute: your data never leaves your device. No network connection, no cloud server, no attack surface that matters.

Three Pillars of Security
Every security decision in Hisaab-Pro stems from one principle: your financial data belongs to you alone.
AES-256 Encryption
All data is encrypted at rest using AES-256, the same standard used by global banks and governments. Your database file is unreadable without your application password.
Zero Network Access
Hisaab-Pro makes zero outbound network requests. No telemetry, no update checks, no license verification servers. The application is completely air-gapped by design.
Physical Data Control
Run Hisaab-Pro from a USB drive and carry your data physically. No data remains on the host machine after the USB is removed. You control the hardware; you control the data.
Technical Security Specifications
Database Encryption
SQLite database encrypted via AES-256-CBC. Key derivation uses PBKDF2-HMAC-SHA256 with 100,000 iterations. Salt is randomly generated per installation.
Password Security
Passwords are never stored in plain text. The application stores only a salted hash. Brute-force protection via progressive delays after failed attempts.
Audit Logs
Every transaction, modification, and deletion is logged with a timestamp and user identifier. Logs are tamper-evident and stored in a separate encrypted file.
Installer Integrity
Every release includes a SHA-256 checksum. Verify your download before installation to ensure authenticity.
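One way to perform the download check described above, as an added example that is not Hisaab-Pro's own tooling: it streams the installer through SHA-256 and compares the result with the checksum published for the release. The function names and the command-line usage are assumptions made for this illustration.

```python
import hashlib
import hmac
import re
from pathlib import Path

CHUNK_SIZE = 1024 * 1024  # read 1 MiB at a time so large installers are not loaded into memory


def sha256_file(path):
    """Return the lowercase hex SHA-256 digest of the file at `path`."""
    digest = hashlib.sha256()
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_published_checksum(text):
    """Extract the digest from a published value.

    Accepts a bare hex string or a sha256sum-style line ("<hex>  <filename>"),
    in either case. Raises ValueError if it is not exactly 64 hex characters,
    so a truncated or mis-pasted checksum can never be treated as a match.
    """
    stripped = text.strip()
    token = stripped.split()[0].lower() if stripped else ""
    if not re.fullmatch(r"[0-9a-f]{64}", token):
        raise ValueError("published checksum is not a 64-character SHA-256 hex digest")
    return token


def verify_installer(path, published):
    """Return True only if the file's SHA-256 equals the published checksum."""
    expected = parse_published_checksum(published)
    return hmac.compare_digest(sha256_file(path), expected)


if __name__ == "__main__":
    import sys
    # Usage (hypothetical script name): python verify.py <installer-file> <published-sha256>
    ok = verify_installer(sys.argv[1], sys.argv[2])
    print("OK: checksum matches" if ok else "MISMATCH: do not install this file")
    sys.exit(0 if ok else 1)
```

A match shows the file is byte-for-byte what the checksum was computed over, so the result is only as trustworthy as the place the checksum was read from.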
What We Don't Do
No Cloud Sync
We don't offer — or want — access to your books.
No Telemetry
We collect zero usage data from the application. Ever.
No Third-Party SDKs
No analytics, ad networks, or tracking libraries embedded.
No License Servers
License validation is offline. The app works without internet, always.
No Automatic Updates
Updates are manual and user-initiated. You control when to upgrade.
Responsible Disclosure
If you discover a security vulnerability in Hisaab-Pro, please report it privately via our secure channel. We will acknowledge receipt within 48 hours and provide a fix within 30 days.
Report a Vulnerability