Security
Security-first architecture with AES-256 encryption at rest and TLS 1.3 in transit.
Last Updated: July 2026
GDPR
Architecture-Ready
DPDPA 2023
Architecture-Ready
EU AI Act
Architecture-Ready
NIST AI RMF
Architecture-Ready
SOC 2
Planned
ISO 27001
Planned
ISO 42001
Planned
PCI DSS
Planned
Data Encryption
Encryption at Rest
AES-256 at rest for all stored data
Encryption in Transit
TLS 1.3 in transit for all data transmission
Authentication & Access Control
OAuth 2.0 and OpenID Connect
Multi-factor authentication (MFA)
JWT with short-lived access tokens
Secure session management
Role-based access control (RBAC) with least-privilege enforcement
Single Sign-On (SSO) via SAML 2.0 for enterprise integrations
Infrastructure Security
- Cloud infrastructure with enterprise-grade VPC-style network isolation
- Redundant infrastructure designed for high availability
- Automated vulnerability scanning and patch management
- Automated backups with 30-day retention and point-in-time recovery
- Automated uptime monitoring and anomaly detection
- DDoS protection and rate limiting
Application Security
OWASP Top 10 mitigations
Regular dependency audits
Responsible disclosure policy
AI Security
All user input validated and sanitized before any AI model call — no raw pass-through
Prompt injection defenses across AI-powered products — LAKSHYA, AssetMaestro, VantageVid, and NexaSocial
Model output validated and sanitized before rendering to users
System prompts treated as secrets — never echoed or exposed in API responses or logs
Rate limiting on all AI inference endpoints to prevent abuse
Data Residency
Choose where your data is stored to comply with regional regulations:
United States
Primary
EU Region
Planned
India Region
Planned
Security Practices
- Security audits and penetration testing planned as we scale to production
- Vulnerability scanning and patch management
- Incident response and disaster recovery plans
- Third-party security assessments planned post-launch
- Secure development lifecycle (SDLC)
Responsible Disclosure
If you discover a security vulnerability, please report it to our security team at [email protected]. We take all security reports seriously and will respond within 72 hours.
We do not pursue legal action against researchers who act in good faith and follow this disclosure process.