Security & trust

Built for regulated finance in the GCC.

MIZAN is designed for accountants whose clients trust them with everything. Here's how we earn that trust.

Data residency

Your data stays in the GCC. UAE and KSA primary regions, with replication only within the region.

  • UAE primary region
  • KSA primary region (optional)
  • No cross-region replication

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Secrets are vaulted and never on the client.

  • TLS 1.3
  • AES-256 at rest
  • Server-side secrets only

Identity & access

2FA on every account. Step-up OTP for sensitive actions. Per-firm RBAC with assigned-client scoping.

  • 2FA (email/SMS)
  • Step-up OTP
  • RBAC + assignments
  • SSO on Firm plan

Tenant isolation

Row-level security on every table. Per-firm and per-client scoping enforced at the database layer.

  • RLS on all tables
  • Per-firm scope
  • Per-client scope

Audit trail

Every sensitive action is logged with actor, IP, device and timestamp. Exportable on Firm plan.

  • Security events log
  • Sessions list + revoke
  • Export to CSV

Compliance

Aligned with the standards that matter to you.

UAE FTA aligned
ZATCA ready
GDPR-compatible
SOC 2 (in progress)

Have a security question?

We're happy to share our security whitepaper and DPA, and to answer due-diligence questionnaires.