Software Security Policy

Last Updated: 15/12/2024

________________________________________

1. Overview

FATallyConnector is a desktop-based Java application that facilitates secure communication between Tally (running locally on a user’s computer) and a Field Assist DMS (Distributor Management System). The solution is designed to operate strictly on the same local environment where Tally is installed, ensuring data remains on the user’s system. This policy outlines the security measures and responsibilities in place for using FATallyConnector.

________________________________________

2. Scope

This policy applies to:

   •All users of FATallyConnector.

   •All data processed by FATallyConnector, including Tally data and communication tokens for Field Assist DMS.

   •The local environment on which FATallyConnector, Java 17, and Tally are installed.

________________________________________

3. System Requirements

1. Local System Operation Only

   o FATallyConnector is intended for deployment only on the local machine where Tally is installed.

   o Java 17 must be pre-installed on the same system to ensure compatibility and proper execution.

2. Local Tally Port Access

   o Tally must be configured to run on a localhost port.

   o FATallyConnector requires access to the Tally localhost port; any firewall or network restrictions must be configured to allow local traffic on this port.

________________________________________

4. Data Connection and Authentication Mechanisms

1. Tally Connection

   o FATallyConnector communicates with Tally through the local Tally port.

   o By design, all communication remains on localhost (127.0.0.1), enhancing security by preventing external network exposure.

2. Field Assist DMS Integration

   o FATallyConnector uses a secure API token-based mechanism to connect to Field Assist DMS.

   o The token is only generated when the user logs into the DMS from the same local system using valid credentials (ID and password).

   o No user credentials (IDs or passwords) are stored in FATallyConnector. The connector only holds the encrypted token granted by DMS.

   o The token expires once the DMS session ends or when the user logs out from the DMS in the local browser.

3. Token Handling

   o The connector caches the encrypted token securely in memory or a local secure store.

   o Upon token expiration or logout, all session information is invalidated; the connector will require fresh authentication from the user.

________________________________________

5. Data Backup and Storage

1. Tally Data Backup

   o Users are strongly encouraged to manually back up their Tally company data before and after any import/export operation using FATallyConnector.

   o FATallyConnector provides a one-click backup functionality, saving the backup exclusively on the user’s local system.

   o No automatic or remote backup is performed by FATallyConnector.

2. Local Data Storage

   o All Tally data, backups, logs, and any other information remain stored locally on the user’s system.

   o FATallyConnector does not copy, migrate, or transmit user data outside of the local environment.

3. Error Logs

   o FATallyConnector generates error logs in the same folder where the FATallyConnector executable is placed.

   o All logs are stored locally and are not sent to external servers.

________________________________________

6. User Responsibilities

1. Data Security

   o Because all data is stored locally, the user is fully responsible for maintaining adequate physical and digital security measures on their system.

   o Users should apply OS-level and network-level security practices (e.g., enabling firewalls, malware protection, and encryption where necessary).

2. Credential Management

   o Users must safeguard their Field Assist DMS login credentials.

   o FATallyConnector does not store credentials—only the token provided by DMS—so it is the user’s responsibility to ensure no unauthorized access to the system.

3. Network and Firewall Configuration

   o Users must ensure that the local Tally port is properly secured and restricted to localhost only, preventing unwanted remote access.

   o Users are responsible for configuring firewalls and other protective measures to ensure that external entities cannot access the local Tally port.

4. Monitoring & Incident Reporting

   o Users must monitor their environment for suspicious activity (e.g., unauthorized access).

   o If suspicious behavior is detected or data is copied/migrated by an unknown source, FATallyConnector is not responsible for such data breaches or misuse.

   o Users are advised to report any security incidents to their IT administrator or relevant authority promptly.

________________________________________

7. Liability and Disclaimers

1. Limited Liability

   o FATallyConnector operates strictly on local systems. If data is compromised through external means, hardware theft, or improper user management of credentials, the application’s vendor is not liable.

   o Any unauthorized data transfer or copying by other software or malicious actors is beyond the scope of FATallyConnector’s responsibility.

2. No Data Storage

   o FATallyConnector does not store user IDs, passwords, or Tally data in any external or cloud-based system. All data remains on the user’s local environment.

   o FATallyConnector is not responsible for maintaining any backups or encryption of user data beyond the local environment.

3. Security Best Practices

   o Users are advised to employ industry-standard security practices to protect their local systems (e.g., antivirus, strong passwords, network segmentation).

   o The reliability and security of FATallyConnector’s operation is contingent upon proper user adherence to these best practices.

________________________________________

8. Policy Updates

   •This policy may be updated periodically to address emerging security threats or changes in FATallyConnector functionality.

   •Users will be notified of significant changes via release notes or direct communication.

________________________________________

9. Contact Information

For further inquiries about this Security Policy, or to report any security concerns, please contact:

   •Support Email: email@tallyconnects.com

________________________________________

Acknowledgment

By using FATallyConnector, the user acknowledges having read, understood, and agreed to the terms and conditions outlined in this Software Security Policy.