Compliance & Security
APilot is built with regulatory compliance at its core
Regulatory Compliance
APilot is designed and operated to comply with Indian financial, tax, and data protection regulations. We work closely with compliance experts to ensure our platform meets all requirements for SME finance operations.
Full support for IGST, SGST, CGST regulations
- Real-time GST number validation
- Automatic invoice classification
- GST return reporting support
- E-invoice (e-way bill) integration
Compliant with Reserve Bank of India guidelines
- UPI, IMPS, NEFT standards
- Know Your Transaction (KYT) checks
- Anti-Money Laundering (AML) compliance
- Payment authentication requirements
Support for IT audit and compliance requirements
- Invoice archival (5-7 years)
- Transaction audit trails
- TDS/TCS reporting support
- Annual reconciliation
Data security and privacy standards
- GDPR-compliant data handling
- ISO 27001 certification
- End-to-end encryption
- Regular security audits
Security Standards
Data Encryption
- In Transit: TLS 1.2+ encryption for all data transmission
- At Rest: AES-256 encryption for stored financial data
- Sensitive Fields: Bank account numbers, GST IDs, PAN stored with additional encryption layers
Access Control
- Role-Based Access: Admin, Manager, Approver, Finance Officer roles with granular permissions
- Multi-Factor Authentication: Optional 2FA for sensitive accounts
- Session Management: Automatic logout after 30 minutes of inactivity
- Audit Logging: All user actions tracked and logged for compliance
Infrastructure Security
- Cloud Hosting: AWS/Azure with DDoS protection
- Redundancy: Multi-region failover and automatic backups
- Firewalls & IDS: Advanced network security and intrusion detection
- Penetration Testing: Annual security assessments by third-party auditors
Vendor & API Security
- All payment partners are PCI-DSS compliant
- API integrations use OAuth 2.0 and secure token management
- Regular vendor security assessments
Financial Compliance
GST (Goods and Services Tax)
APilot fully supports GST compliance for Indian SMEs:
- Real-time validation against the GST NSDL database
- Automatic invoice classification as SGST/IGST/CGST
- ITC (Input Tax Credit) tracking and reporting
- E-invoice and e-way bill integration
- GST return file generation (GSTR-1, GSTR-2, GSTR-3B)
Income Tax & Audit
Full support for IT compliance and auditing:
- Invoice retention for 5-7 years as per IT rules
- Transaction-level audit trails
- Annual compliance certifications
- Tax reporting data exports
RBI Payment Regulations
Full compliance with Reserve Bank of India guidelines:
- KYT (Know Your Transaction) for amounts > ₹10 lakhs
- Automated AML (Anti-Money Laundering) checks
- OFAC sanctions screening for international payments
- Real-time payment status tracking
Certifications & Audits
Current Certifications
ISO 27001:2022
Information Security Management
SOC 2 Type II
Security & Availability Audit
PCI-DSS Level 1
Payment Card Industry Compliance
GDPR Compliant
Data Protection Standards
Regular Audits
APilot undergoes continuous security and compliance audits:
- Quarterly penetration testing by external security firms
- Annual SOC 2 Type II audit
- Continuous vulnerability scanning and patch management
- Monthly compliance reviews for GST and RBI regulations
Questions About Compliance?
Our compliance team is available to address any concerns or requirements for your organization.
Email: compliance@apilot.ai
Phone: Available during business hours
Compliance Officer: compliance-officer@apilot.ai