Built to survive your IT review.
SOC 2 Type II. ISO 27001. GDPR. DPDP Act. Data residency choice. Your security team will have fewer questions than usual — but we answer the ones they have in writing.
- SOCSOC 2 Type II
- ISOISO 27001
- GDPGDPR
- DPDDPDP Act (India)
Compliance
Audited posture for the frameworks enterprises actually ask about.
SOC 2 Type II
Reported annually; customer NDA available on request.
ISO 27001
ISMS certified for the full stack, including infrastructure.
GDPR
DPA available for EU processors; data subject request workflow built-in.
HIPAA readiness
BAA for healthcare customers in Enterprise tier.
Data protection
Encryption in transit and at rest; residency on your terms.
At rest
AES-256 encryption on all databases and blob storage.
In transit
TLS 1.2+ for all client and service-to-service traffic.
Residency choice
Azure Central India, West Europe, or East US — locked at tenant signup.
Key management
Per-tenant customer-managed keys via Azure Key Vault on Enterprise.
Access & identity
Zero trust, role-scoped, fully auditable.
SSO & SAML
Okta, Azure AD, Google Workspace; SCIM provisioning included.
MFA
TOTP and push-based MFA for all users; mandatory for admins.
RBAC
Fine-grained, tenant-scoped roles with six out-of-box tiers plus custom.
Session management
Configurable idle timeout, device-binding, and session revocation.
Operational security
We assume breach and design accordingly.
24×7 monitoring
SIEM with anomaly detection; oncall runbook tested quarterly.
Vulnerability management
Daily SCA, weekly DAST, quarterly pen-tests by a third party.
Incident response
Customer-facing IR playbook; notification within 72 hours as required.
Business continuity
RPO 15 min, RTO 60 min; DR tested every 6 months.
Ready to see it?
Ready for your IT review?
We'll share our SOC 2 Type II report under NDA, and join a technical deep-dive with your security team.