⏱️ Recently Viewed
Clear
📑 Table of Contents
✕
Technology Handbook
Your complete guide to Varma & Varma's self-hosted technology stack — covering every tool, access policy, and workflow procedure for daily practice.
Where to Begin
All firm applications are accessible via a single login at auth.varma.ai. Authenticate once and access every tool you are authorized to use — no separate passwords required.
1
Create your account — Visit auth.varma.ai and sign up. Your account will be linked to your user group by the IT team.
2
Enable MFA — Set up multi-factor authentication in Authentik immediately. This protects all downstream applications simultaneously.
3
Install Bitwarden — Add the Bitwarden browser extension and set the server URL to
https://vault.varma.ai. Store all credentials here.4
Explore your tools — Browse the Application sections in this handbook to understand what each tool does and when to use it.
5
Raise issues via Zammad — Any technical difficulty or access problem should be logged at support.varma.ai.
Technology at a Glance
📊
Audit & Analytics
Data Sense Pro, GST extractor, sampling tools, and compliance checks built for CA workflows.
🤖
Knowledge & AI
Private LLM interface, team knowledge base, transcription, and firm-wide LMS.
📄
Document Tools
OCR-based document management, PDF toolkit, and AI-powered document conversion.
🛡️
Security Policies
Data classification, retention schedules, incident response, and compliance frameworks.
All applications run on private firm infrastructure under *.varma.ai domains. No client data is transmitted to public cloud services unless explicitly noted (Azure OpenAI models are opt-in).
Infrastructure Overview
Architecture, network topology, and core components
Architecture
The firm operates a containerized, self-hosted infrastructure using Docker and Traefik reverse proxy. Every application runs on dedicated private servers with the following guarantees:
- SSL/TLS: Automated Let's Encrypt certificates for all
*.varma.aidomains - Authentication: Centralized SSO via Authentik — one login for all apps
- Monitoring: Real-time health checks and uptime alerts
- Backups: Automated daily backups with 8-year retention
Network Flow
Internet
│
▼
Traefik (Reverse Proxy) ←── Let's Encrypt (SSL/TLS)
│
▼
Authentik (SSO Gateway)
│
▼
┌───────────────────────────────────────┐
│ Docker Isolated Network │
│ │
│ datasense │ llm │ docs │ ... │
└───────────────────────────────────────┘
Core Infrastructure Components
| Component | Domain | Purpose | Access |
|---|---|---|---|
| Traefik | traefik.varma.ai | Reverse proxy & SSL management | Admin |
| Authentik | auth.varma.ai | Single Sign-On identity provider | Admin |
| Portainer | portainer.varma.ai | Container management | Admin |
| Dozzle | logs.varma.ai | Real-time log viewer | Admin |
| Watchtower | — | Automatic container updates | Admin |
Infrastructure components are managed exclusively by the IT team. If you encounter a service outage, check status.varma.ai before raising a ticket.
Login & Access Control
SSO, user groups, password policy, and MFA
Single Sign-On (SSO)
All applications are protected by Authentik SSO. Authenticate once at auth.varma.ai and access every authorized tool seamlessly — no repeated logins.
Do not share your Authentik credentials with anyone — including colleagues. Each staff member must maintain an individual account. Sharing credentials is a policy violation.
User Groups & Access
| Group | Members | Access Level |
|---|---|---|
| Partners | All Partners | Full access to all applications |
| Managers | Assistant, Deputy, Senior Managers | Full access except admin tools |
| Qualified Assistants | Newly qualified CAs | Full access except admin tools |
| Semi-Qualified Assistants | Articleship completed trainees | Standard access |
| Articled Assistants | Current trainees | Standard access |
| Interns | B.Com, MBA, BBA students | Limited access |
| Administrative Staff | Support staff | Business applications only |
| Authentik Admins | IT Team | Full administrative access |
Access Symbols Used in This Handbook
| Symbol | Meaning |
|---|---|
| 🔓 All Users | Accessible to every staff member |
| 🔐 Restricted | Requires specific group membership |
| 🔒 Admin Only | IT Team only |
| ✅ Live | Application is deployed and active |
| 🚧 Coming Soon | Under development |
Password Policy
- Minimum 12 characters
- Must include uppercase, lowercase, numbers, and special characters
- Password rotation recommended every 90 days
- MFA strongly recommended — configure via Authentik settings
Test Your Password Strength
Start typing to evaluate your password.
Audit & Analytics
In-house tools built for CA audit, compliance, and data workflows
📈
Data Sense Pro
datasense.varma.ai
Excel-first data analysis, audit sampling (MUS/PPS), GST & TDS dashboards, Benford's law, reconciliation.
📉
Sales Register Analysis
sales.varma.ai
Analyze sales & purchase registers — trend analysis, anomaly detection, HSN-wise GST, GSTR-1 reconciliation.
🏢
Struck-Off Check
struckoff.varma.ai
AI/ML-powered MCA struck-off verification with 5-tier risk scoring. Batch process 1,000+ companies.
🧾
GSTR Returns Extractor
gstr.varma.ai
Extract GSTR-1, 3B, and GSTR-9 data from JSON/PDF into firm working paper format.
💳
Challan Extractor
challan.varma.ai
OCR-based extraction from TDS, GST, PT, PF, and ESI challan PDFs for reconciliation and verification.
🛡️
AuditGuard
audit.varma.ai
AI-powered audit report reviewer — SA/CARO 2020/Ind AS compliance checks, gap flagging, version comparison.
✂️
AuditSnipper
auditsnipper.varma.ai
Crop and annotate evidence from PDF source documents directly into working paper templates.
🔄
XLSX Converter
xlsx.varma.ai
Instant XLSX/XLS to CSV conversion with sheet selection, encoding options, and delimiter choice.
Knowledge & AI
Private AI assistant, team knowledge base, LMS, and transcription
📝
Outline
notes.varma.ai
Firm-wide knowledge base for SOPs, methodology docs, client notes, and real-time collaborative editing.
🎓
Canvas LMS
lms.varma.ai
Enterprise learning system — CPE courses, Ind AS updates, tool training, quizzes, and completion certificates.
🤖
Open WebUI (AI)
llm.varma.ai
Private LLM interface with Azure OpenAI, web search, document upload (RAG), and firm prompt library.
🎙️
Speakr
speakr.varma.ai
AI transcription with speaker diarization, keyword extraction, and summarization for meetings and walkthroughs.
Privacy note: All queries on the Open WebUI remain within firm infrastructure. Only queries routed to Azure OpenAI models leave the private network. Local Ollama models are available for sensitive client matters.
Document Tools
DMS, PDF manipulation, and AI document conversion
🗂️
Paperless-ngx
docs.varma.ai
OCR-powered document management with full-text search, tagging, Outlook integration, and 8-year retention.
📑
PDF Tools
pdf.varma.ai
Client-side PDF toolkit — merge, split, compress, protect, watermark, rotate. Files never leave your browser.
🔀
Docling
docling.varma.ai/ui
AI-powered conversion from PDF/DOCX/HTML to Markdown, plain text, or JSON with table structure preservation.
Business Applications
Time tracking, IT support, and password management
⏱️
Kimai
time.varma.ai
Time tracking by client and engagement — billable hours reports, mobile app, and manager approval workflow.
🎫
Zammad
support.varma.ai
IT support ticketing — raise issues, track status, email
tech@varmaandvarma.com. SLA: 24–72 hrs.
🔑
Vaultwarden
vault.varma.ai
AES-256 encrypted password vault compatible with Bitwarden. Zero-knowledge, self-hosted, with team org vaults.
Time Tracking Workflow
1
Start timer on Kimai when beginning fieldwork, review, or reporting for an engagement.
2
Categorize by activity type: Fieldwork / Review / Reporting / Tax / Advisory.
3
Stop timer when switching tasks. Avoid bulk end-of-day entries for accuracy.
4
Submit weekly timesheet for manager approval by Friday COB.
5
Export month-end report for partner review and billing generation.
Development & Automation
Workflow automation, Jupyter notebooks, and version control
🔁
n8n
n8n.varma.ai
Low-code automation — 500+ integrations, email pipelines, scheduled tasks, webhooks, and data transformations.
🐍
Jupyter
jupyter.varma.ai
Python/R notebooks with pandas, scipy, scikit-learn pre-installed. For advanced audit analytics beyond Data Sense Pro.
Gitea (git.varma.ai) hosts all firm scripts, in-house app source code, and automation workflows. Access is restricted to the IT team. Staff may request code reviews or script deployments via Zammad.
Example Automations (n8n)
📧 Email Attachment → Paperless-ngx ▾
Automatically import attachments from
tech@varmaandvarma.com into Paperless-ngx document management with OCR tagging and filing rules.
📊 Regulatory Alert Pipeline ▾
When Changedetection.io detects a change on MCA, IT, GST, or ICAI portals, trigger an n8n workflow to send formatted email summaries to relevant engagement teams.
📂 Data Extraction Pipeline ▾
Extract client CBS / ERP data, run through Docling for conversion, load into Data Sense Pro — reducing manual data preparation time significantly.
🕐 Kimai → Billing Sync ▾
Automatically compile approved Kimai time entries into a billing summary CSV at month-end and distribute to engagement partners via email.
Monitoring & Utilities
Regulatory change tracking, private search, and uptime monitoring
👁️
Changedetection.io
alerts.varma.ai
Monitor MCA, IT Dept, GST Council, ICAI, RBI, and SEBI portals for regulatory changes with diff-view alerts.
🔍
SearXNG
search.varma.ai
Privacy-first metasearch engine aggregating Google, Bing, DuckDuckGo — no tracking, no history.
Regulatory Monitoring Workflow
1
Visit alerts.varma.ai and add URLs you wish to monitor (e.g., ICAI circulars page).
2
Configure check frequency — daily for GST/IT updates; weekly for SEBI/RBI guidelines.
3
Receive email alert when a change is detected. Review the diff view to assess the nature of the amendment.
4
Assess impact on active client engagements and notify the relevant audit team.
Recommended Monitoring URLs
| Source | Relevance | Frequency |
|---|---|---|
| MCA circulars | Companies Act compliance, Schedule III | Daily |
| Income Tax Dept | Form 3CD, tax audit notifications | Daily |
| GST Council | Rate changes, GSTR amendments | Daily |
| ICAI pronouncements | SA updates, guidance notes | Weekly |
| RBI guidelines | Bank/NBFC audit engagements | Weekly |
| SEBI regulations | Listed entity audits | Weekly |
Data Security & Compliance
Classification, retention, protocols, and incident response
Data Classification
| Class | Examples | Handling |
|---|---|---|
| Public | Firm announcements, public profile | No restrictions |
| Internal | Firm policies, SOPs, training materials | Staff-only access |
| Confidential | Client engagement data, audit evidence, financials | Need-to-know; encrypted |
| Restricted | Passwords, encryption keys, personal data | Vaultwarden only; no email |
Data Retention Schedule
| Record Type | Retention Period | Legal Basis |
|---|---|---|
| Audit working papers | 8 years from completion | ICAI / Companies Act 2013 |
| Client correspondence | 8 years from last communication | ICAI Code of Ethics |
| Tax records | 8 years from assessment year | Income Tax Act 1961 §54 |
| Financial statements | 8 years from FY end | Companies Act §128 |
| Application logs | 90 days (admin only) | IT Policy |
Backup & Disaster Recovery
| Parameter | Specification |
|---|---|
| Backup schedule | Daily incremental; weekly full |
| Backup encryption | AES-256, offsite encrypted storage |
| Retention | 8 years |
| RTO (Recovery Time) | 24 hours for critical systems |
| RPO (Recovery Point) | 24 hours (last daily backup) |
Compliance Frameworks
The firm's infrastructure aligns with: Chartered Accountants Act 1949 (data security obligations), Information Technology Act 2000, Companies Act 2013 §128 & §143, ICAI Code of Ethics, and GDPR principles where applicable.
Incident Response Procedure
If you suspect a security incident — unauthorized access, data breach, or credential compromise — follow the steps below immediately.
1
Change your password immediately at auth.varma.ai.
2
Raise a CRITICAL priority ticket in Zammad with all available details — timestamps, error messages, affected systems.
3
Do not delete or modify any evidence — logs, emails, or files related to the incident.
4
IT team will acknowledge within 24 hours and issue remediation instructions.
5
Follow IT instructions precisely. Do not attempt independent remediation.
Support & Troubleshooting
How to get help and resolve common issues
Primary Support Channel
All IT issues must be logged via the Zammad ticketing system. This ensures issues are tracked, prioritized, and resolved with an audit trail.
| Channel | Detail |
|---|---|
| Web portal | support.varma.ai |
| tech@varmaandvarma.com | |
| Critical SLA | 24 hours (system down, data loss, security) |
| Non-critical SLA | 72 hours (minor bugs, queries, feature requests) |
Common Issues & Solutions
🔐 Cannot log in to applications ▾
1. Verify you are using correct Authentik credentials.
2. Clear browser cache and cookies.
3. Try incognito / private browsing mode.
4. Confirm Authentik is accessible at auth.varma.ai.
5. Contact IT via Zammad for a password reset.
2. Clear browser cache and cookies.
3. Try incognito / private browsing mode.
4. Confirm Authentik is accessible at auth.varma.ai.
5. Contact IT via Zammad for a password reset.
📁 File upload failures ▾
1. Check file size — some applications enforce a size limit.
2. Verify file format is supported (see Quick Reference → File Formats).
3. Try Chrome or Edge (chromium based browsers are recommended for troubleshooting).
4. Check your network connectivity.
5. If the issue persists, raise a Zammad ticket with an error screenshot.
2. Verify file format is supported (see Quick Reference → File Formats).
3. Try Chrome or Edge (chromium based browsers are recommended for troubleshooting).
4. Check your network connectivity.
5. If the issue persists, raise a Zammad ticket with an error screenshot.
🐢 Applications loading slowly ▾
1. Check internet connection speed.
2. Close unnecessary browser tabs.
3. Clear browser cache.
4. Try a different browser.
5. Check status.varma.ai for service status.
2. Close unnecessary browser tabs.
3. Clear browser cache.
4. Try a different browser.
5. Check status.varma.ai for service status.
🔍 Cannot find previously uploaded data ▾
1. Confirm you are logged in to the correct account.
2. Check if your session has expired — Data Sense Pro requires an active sign-in for cloud saves.
3. Ensure data was explicitly saved (look for auto-save indicator).
4. Contact IT via Zammad if data appears permanently lost.
2. Check if your session has expired — Data Sense Pro requires an active sign-in for cloud saves.
3. Ensure data was explicitly saved (look for auto-save indicator).
4. Contact IT via Zammad if data appears permanently lost.
Best Practices
Use Chrome 90+ or Edge 90+ for all firm applications. Disable ad blockers on *.varma.ai if you encounter loading issues. Keep the browser updated.
Quick Reference
Application URLs, file formats, and browser compatibility
All Applications
| Application | URL | Primary Use | Access |
|---|---|---|---|
| Data Sense Pro | datasense.varma.ai | Excel analytics & audit sampling | 🔓 All |
| Sales Register Analysis | sales.varma.ai | Sales/purchase trend analysis | 🔓 All |
| Struck-Off Check | struckoff.varma.ai | MCA compliance verification | 🔓 All |
| GSTR Returns Extractor | gstr.varma.ai | GST return data extraction | 🔓 All |
| Challan Extractor | challan.varma.ai | Tax challan PDF extraction | 🔓 All |
| Outline | notes.varma.ai | Knowledge base | 🔓 All |
| Canvas LMS | lms.varma.ai | Training & CPE courses | 🔓 All |
| Open WebUI (AI) | llm.varma.ai | Private AI assistant | 🔓 All |
| Speakr | speakr.varma.ai | Audio transcription | 🔓 All |
| Paperless-ngx | docs.varma.ai | Document management | 🔓 All |
| PDF Tools | pdf.varma.ai | PDF manipulation | 🔓 All |
| Docling | docling.varma.ai/ui | Document conversion | 🔓 All |
| Kimai | time.varma.ai | Time tracking | 🔓 All |
| Zammad | support.varma.ai | IT support ticketing | 🔓 All |
| Vaultwarden | vault.varma.ai | Password management | 🔓 All |
| n8n | n8n.varma.ai | Workflow automation | 🔓 All |
| Jupyter | jupyter.varma.ai | Python/R data analysis | 🔓 All |
| Changedetection | alerts.varma.ai | Regulatory monitoring | 🔓 All |
| SearXNG | search.varma.ai | Private search engine | 🔓 All |
| XLSX Converter | xlsx.varma.ai | Excel to CSV conversion | 🔓 All |
File Format Support
| Application | Supported Input Formats |
|---|---|
| Data Sense Pro | XLSX, XLS, CSV |
| Sales Register | XLSX, XLS, CSV |
| Struck-Off Check | XLSX, XLS, CSV |
| GSTR Returns | JSON, PDF |
| Challan Extractor | |
| Paperless-ngx | PDF, PNG, JPG, TIFF, TXT |
| Docling | PDF, DOCX, PPTX, HTML, images |
| Speakr | MP3, WAV, M4A, MP4, WebM, OGG |
Browser Compatibility
| Browser | Status |
|---|---|
| Google Chrome 90+ | ✅ Recommended |
| Microsoft Edge 90+ | ✅ Recommended |
| Mozilla Firefox 88+ | ✅ Recommended |
| Safari | ⚠️ Limited testing — use at own risk |
| Internet Explorer | ❌ Not supported |
© 2026 Varma & Varma Chartered Accountants. Internal Use Only. v1.0 — February 2026.