Vitana Private Limited

Security & Compliance

Built to pass enterprise procurement on day one.

SOC 2, GDPR, AES-256 encryption, RBAC, and on-premise deployment options — all on by default, not bolted on later. Your CISO and legal team won’t find surprises.

SOC 2 Type II · ISO/IEC 27001 · GDPR Compliant · CCPA Compliant · AES-256 · On-Premise Available

Certifications & Compliance

Standards we are held to.

Independently audited, formally certified, and continuously maintained — not self-declared.

SOC 2 Type II

AICPA

Aligned

Controls audited against AICPA Trust Services Criteria — Security, Availability, Confidentiality. Reports available under NDA to enterprise buyers.

ISO/IEC 27001

ISO

Certified

Information security management system. Systematic approach to managing sensitive company and customer information.

GDPR

EU Regulation 2016/679

Compliant

Data residency controls, right-to-erasure workflows, and consent management built into all products. Data Processing Agreements available on request.

CCPA

California Consumer Privacy Act

Compliant

Consumer privacy rights, opt-out mechanisms, and data deletion workflows in full compliance with California law.

Technical Controls

How we protect your data.

Every control below is on by default — not an enterprise add-on or a paid tier upgrade.

AES-256 Encryption

Military-grade encryption at rest and in transit across all data surfaces, pipelines, and APIs. TLS 1.3 enforced for all connections. No plaintext data persisted.

At rest · In transit · TLS 1.3

Role-Based Access Control

Granular, role-scoped access controls with least-privilege by default. Every user action is associated with an explicit permission scope. Supports SSO (Azure AD, Okta, SAML 2.0).

RBAC · Least-privilege · SSO

Immutable Audit Logs

Tamper-proof, append-only change logs for every data operation, user action, and system event. Log retention for compliance periods. Export available for audit.

Tamper-proof · Compliance retention · Export

On-Premise Deployment

Air-gapped installations available for regulated industries and data-sovereign clients. Full deployment within your VPC or private data centre. No data leaves your environment.

Air-gapped · VPC · Data residency

Penetration Testing

Third-party security assessments conducted on every major platform release cycle by independent security firms. Reports available under NDA.

Third-party · Every major release · Under NDA

Vulnerability Management

Continuous dependency scanning, SAST/DAST in CI/CD pipeline, and a formal vulnerability disclosure programme. Critical CVEs patched within 48 hours.

SAST/DAST · 48h critical patch · CVE tracking

Data Practices

Your data is yours. Always.

We do not use customer data to train foundation models, sell data to third parties, or access your environment outside of agreed support windows. Every data handling practice below is contractually binding.

No data is ever used to train third-party foundation models

Customer data is logically isolated per tenant — no cross-tenant data access

Data residency controls allow specifying geographic boundaries for storage

Right-to-erasure workflows: customer data deleted within 30 days of request

Backup encryption: all backups encrypted with separate key material

Subprocessor list maintained and available to enterprise customers on request

Enterprise Documentation

Everything your procurement team needs.

Security documentation and audit reports available under NDA to qualified enterprise buyers. Contact us to initiate the request.

Security Overview

Summary of our security posture, certifications, and controls architecture.

SOC 2 Type II Report

Full audit report from independent assessors. Available under NDA.

Penetration Test Report

Latest third-party penetration test results. Available under NDA.

Data Processing Agreement (DPA)

Standard DPA for GDPR and CCPA compliance. Custom terms available.

Vendor Due Diligence Questionnaire

Pre-completed security questionnaire for procurement teams.

Subprocessor List

Full list of technology subprocessors used in our platform stack.

99.9%

Platform uptime SLA

Cloud-hosted products

< 4 hrs

Critical issue response

Severity-1 SLA

< 24 hrs

Standard issue response

Severity-2 SLA

SLA commitments formalised in the Master Services Agreement. Custom SLAs available for enterprise engagements. Contact us to discuss your requirements.


USA

+1 804-262-6995

INDIA

+91 96525 95556 / +91 99634 97700