Enterprise CSR data — employees, NGOs, disbursements, compliance filings — is sensitive. This page describes the practices and controls Margh has in place today. It is maintained by the Margh team and is not an independent certification.
Encryption in transit & at rest
All traffic to Margh is served over TLS 1.2+. Data at rest in our managed database and object storage is encrypted using industry-standard AES-256.
Access controls & SSO
Role-based access at the organization, program, and NGO level. SSO/SAML available for enterprise customers so account lifecycle stays in your IdP.
Managed cloud hosting
Margh runs on hardened, managed cloud infrastructure with automated backups, regional isolation, and 24/7 monitoring.
Least-privilege internal access
Only a small set of authorised engineers can access production, gated by SSO + MFA. All privileged actions are logged and reviewed.
Auditability & compliance
Every grant, disbursement, hour logged, and NGO onboarding step is captured with immutable audit trails — ready for internal and regulatory review.
Responsible disclosure
We welcome reports from the security community. Email security@margh.org with details; we acknowledge within 2 business days.
Shared responsibility
Margh secures the platform, its infrastructure, and the services we operate. Client organizations remain responsible for administering their own accounts, managing user access within their tenant, and handling any funds/donations outside Margh (Margh does not process payments).
Data location
Margh is operated from India and uses managed cloud infrastructure that may be located in India and other regions. Wherever data is stored, we apply the same encryption and access controls described above.
Report a vulnerability
Please report suspected vulnerabilities to security@margh.org. Do not publicly disclose issues before we've had a reasonable chance to investigate and remediate.