Legal & Compliance

Security

Security-first architecture with AES-256 encryption at rest and TLS 1.3 in transit.

Last Updated: July 2026

GDPR

Architecture-Ready

DPDPA 2023

Architecture-Ready

EU AI Act

Architecture-Ready

NIST AI RMF

Architecture-Ready

SOC 2

Planned

ISO 27001

Planned

ISO 42001

Planned

PCI DSS

Planned

Data Encryption

Encryption at Rest

AES-256 at rest for all stored data

Encryption in Transit

TLS 1.3 in transit for all data transmission

Authentication & Access Control

OAuth 2.0 and OpenID Connect

Multi-factor authentication (MFA)

JWT with short-lived access tokens

Secure session management

Role-based access control (RBAC) with least-privilege enforcement

Single Sign-On (SSO) via SAML 2.0 for enterprise integrations

Infrastructure Security

  • Cloud infrastructure with enterprise-grade VPC-style network isolation
  • Redundant infrastructure designed for high availability
  • Automated vulnerability scanning and patch management
  • Automated backups with 30-day retention and point-in-time recovery
  • Automated uptime monitoring and anomaly detection
  • DDoS protection and rate limiting

Application Security

OWASP Top 10 mitigations

Regular dependency audits

Responsible disclosure policy

AI Security

All user input validated and sanitized before any AI model call — no raw pass-through

Prompt injection defenses across AI-powered products — LAKSHYA, AssetMaestro, VantageVid, and NexaSocial

Model output validated and sanitized before rendering to users

System prompts treated as secrets — never echoed or exposed in API responses or logs

Rate limiting on all AI inference endpoints to prevent abuse

Data Residency

Choose where your data is stored to comply with regional regulations:

United States

Primary

EU Region

Planned

India Region

Planned

Security Practices

  • Security audits and penetration testing planned as we scale to production
  • Vulnerability scanning and patch management
  • Incident response and disaster recovery plans
  • Third-party security assessments planned post-launch
  • Secure development lifecycle (SDLC)

Responsible Disclosure

If you discover a security vulnerability, please report it to our security team at [email protected]. We take all security reports seriously and will respond within 72 hours.

We do not pursue legal action against researchers who act in good faith and follow this disclosure process.

Security Questions?

For security inquiries or to report vulnerabilities:

[email protected]