shieldSECURITY OVERVIEW

Security by Architecture

Hisaab-Pro's security model is simple and absolute: your data never leaves your device. No network connection, no cloud server, no attack surface that matters.

Three Pillars of Security

Every security decision in Hisaab-Pro stems from one principle: your financial data belongs to you alone.

encrypted

AES-256 Encryption

All data is encrypted at rest using AES-256, the same standard used by global banks and governments. Your database file is unreadable without your application password.

wifi_off

Zero Network Access

Hisaab-Pro makes zero outbound network requests. No telemetry, no update checks, no license verification servers. The application is completely air-gapped by design.

usb

Physical Data Control

Run Hisaab-Pro from a USB drive and carry your data physically. No data remains on the host machine after the USB is removed. You control the hardware; you control the data.

Technical Security Specifications

lock

Database Encryption

SQLite database encrypted via AES-256-CBC. Key derivation uses PBKDF2-HMAC-SHA256 with 100,000 iterations. Salt is randomly generated per installation.

key

Password Security

Passwords are never stored in plain text. The application stores only a salted hash. Brute-force protection via progressive delays after failed attempts.

history

Audit Logs

Every transaction, modification, and deletion is logged with a timestamp and user identifier. Logs are tamper-evident and stored in a separate encrypted file.

verified

Installer Integrity

Every release includes a SHA-256 checksum. Verify your download before installation to ensure authenticity. See the Download page for checksums.

What We Don't Do

close

No Cloud Sync

We don't offer — or want — access to your books.

close

No Telemetry

We collect zero usage data from the application. Ever.

close

No Third-Party SDKs

No analytics, ad networks, or tracking libraries embedded.

close

No License Servers

License validation is offline. The app works without internet, always.

close

No Automatic Updates

Updates are manual and user-initiated. You control when to upgrade.

bug_report

Responsible Disclosure

If you discover a security vulnerability in Hisaab-Pro, please report it privately via our secure channel. We will acknowledge receipt within 48 hours and provide a fix within 30 days.

sendReport a Vulnerability