trust by design. not by claim.
India-first compliance posture — DPDP live, RBI-aligned, SEBI-aware. Global enterprise roadmap — ISO 27001 in-flight, GDPR and HIPAA on the roadmap. Every control we ship, every sub-processor that touches your data.
| standard | scope | relevant to | status | notes |
|---|---|---|---|---|
| DPDP Act 2023 | India | All Indian deployments | Live | Consent capture, retention classes, withdrawal mechanism, PII redaction pre-LLM. India residency by default. |
| RBI Fair Practices Code | India BFSI | Lens — Helm (lending) | Live | Fair Practices Code monitoring built into the Helm agent. Interest disclosures, rejection reasoning, grievance routing — automated at the agent layer. |
| SEBI AI Guidelines | India Capital Markets | Future securities products | Aligned | SEBI's circular on use of AI by market participants. Aminobots Blueprint architecture is designed to meet explainability and audit requirements. |
| CDSCO MDR 2017 | India Medical Devices | Lens — KidneyCare | TRL 4→6 | KidneyCare is on the CDSCO medical device regulatory pathway. TRL progression from 4 (validated in lab) to 6 (clinical validation). Target regulatory submission 2026–27. |
| ISO 27001:2022 | International | All enterprise clients | In-flight | ISMS being built against the standard. Target certification window: Q4 2026. Gap analysis complete; controls implementation underway. |
| SOC 2 Type II | US Enterprise | US-headquartered clients | Roadmap | Planned for 2027 alongside US market entry. Trust Service Criteria: Security, Availability, Confidentiality. Controls architecture already aligned. |
| GDPR | European Union | EU data subjects / EU clients | Roadmap | Data minimisation, purpose limitation, and data subject rights are architecturally consistent with DPDP. Formal GDPR programme planned for EU expansion in 2027. |
| HIPAA | US Healthcare | Lens — KidneyCare (US) | Roadmap | Required for KidneyCare to address US healthcare clients. PHI handling controls, BAA signing capability, and US-resident storage tier planned for 2027 alongside FDA 510(k) pathway. |
- India: All current deployments. Data residency in ap-south-1 (Mumbai) by default. No cross-border transfer without explicit consent.
- EU: Target market from 2027. EU-resident storage tier to be established on AWS eu-central-1 (Frankfurt). Formal GDPR programme to follow.
- US: Market entry planned for 2027, led by KidneyCare's FDA pathway. SOC 2 Type II and HIPAA BAA capability required for enterprise procurement.
- immutable audit trail: Every external call, model invocation, and human decision written to WORM store. Retention class enforced at bucket policy. Tamper-evident by design.
- per-tenant customer-managed keys (CMK): Encryption at rest using CMK via AWS KMS. We never see your plaintext. Key rotation customer-controlled.
- PII redaction pre-LLM: Aadhaar, PAN, mobile numbers, and account numbers stripped before any model call. Redaction happens in the ingestion pipeline, not as an afterthought.
- India data residency by default: All deployments run in ap-south-1 (Mumbai). Private endpoints. No public egress. Cross-border transfer only with explicit customer consent and documented purpose.
- RBAC + tenant isolation: Row and column ACLs. Per-tenant CMK keys. Every query scoped to the user's permission set. No cross-tenant data leakage possible at the storage layer.
- limbic veto (pre-execution safety stop): Unsafe action paths are halted before execution. Bedrock Guardrails for content safety on all Claude-tier calls. HITL routing for high-consequence decisions.
- structured outputs + per-stage evaluators: Every agent stage produces typed, validated outputs. Per-stage evaluators catch hallucinations and drift before they propagate downstream.
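The "PII redaction pre-LLM" control above is the one most easily shown in code. The block below is an added illustration, not Aminobots' ingestion pipeline: it strips the four identifier classes the page names (Aadhaar, PAN, Indian mobile numbers, bank account numbers) from free text with typed placeholders, records per-class counts so the audit trail can carry how much was removed without carrying the values, and adds a fail-closed second pass that refuses to release text containing any long digit run the primary patterns did not recognise (for example an Aadhaar written in pairs). The regular expressions, the 9-to-18-digit account-number heuristic and the sample customer text are all constructed assumptions and would need tuning against real document formats.

```python
"""Pre-LLM PII redaction gate (hypothetical illustration, not Aminobots' code).

Strips the Indian identifiers named on the page (Aadhaar, PAN, mobile,
account numbers) before text reaches any model call, and records counts
rather than values so the audit trail never stores the PII itself.
"""
import re
from dataclasses import dataclass, field

# Ordered from most specific to most generic so a 12-digit Aadhaar is not
# swallowed by the generic account-number heuristic. All patterns are
# constructed assumptions and must be validated against real inputs.
PII_PATTERNS = [
    # Aadhaar: 12 digits, first digit 2-9, optionally grouped 4-4-4.
    ("AADHAAR", re.compile(r"\b[2-9]\d{3}[ -]?\d{4}[ -]?\d{4}\b")),
    # PAN: 5 uppercase letters, 4 digits, 1 uppercase letter.
    ("PAN", re.compile(r"\b[A-Z]{5}\d{4}[A-Z]\b")),
    # Indian mobile: 10 digits starting 6-9, optional +91 or 0 prefix.
    ("MOBILE", re.compile(r"(?<!\d)(?:\+91[ -]?|0)?[6-9]\d{4}[ -]?\d{5}(?!\d)")),
    # Bank account number: heuristic run of 9-18 digits (assumption; tune per bank).
    ("ACCOUNT", re.compile(r"(?<!\d)\d{9,18}(?!\d)")),
]

# Fail-closed detector: 9 or more digits even when split by separators the
# primary patterns do not know about (dots, slashes, odd grouping).
_SEPARATED_DIGITS = re.compile(r"\d(?:[ .\-/]?\d){8,}")


@dataclass
class RedactionResult:
    text: str                                   # text safe to hand to the model
    counts: dict = field(default_factory=dict)  # placeholder label -> occurrences


def redact(text: str) -> RedactionResult:
    """Replace each PII match with a typed placeholder and count what was removed."""
    counts = {}
    for label, pattern in PII_PATTERNS:
        text, n = pattern.subn(f"[{label}]", text)
        if n:
            counts[label] = n
    return RedactionResult(text=text, counts=counts)


def residual_pii(text: str) -> bool:
    """True if a long digit run survived redaction; conservative by design."""
    return _SEPARATED_DIGITS.search(text) is not None


def prepare_prompt(raw: str) -> RedactionResult:
    """Gate a raw document before the model call: raise rather than leak."""
    result = redact(raw)
    if residual_pii(result.text):
        raise ValueError("PII still present after redaction; call blocked")
    return result


# Constructed sample input with fictional values, for a stand-alone run.
SAMPLE = (
    "Customer Ravi Kumar, Aadhaar 2345 1234 5678, PAN ABCDE1234F, "
    "mobile +91 98765 43210, account 123456789012345, requests a loan of 50000."
)

if __name__ == "__main__":
    out = prepare_prompt(SAMPLE)
    print(out.text)    # placeholders in place of each identifier
    print(out.counts)  # {'AADHAAR': 1, 'PAN': 1, 'MOBILE': 1, 'ACCOUNT': 1}
```

The second pass is deliberately blunt: a legitimate 10-digit order reference would also trip it, and the right response is to extend `PII_PATTERNS` or whitelist that field explicitly, not to loosen the gate. Names are not covered here; those need an NER step rather than regular expressions.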
| vendor | purpose | data location | volume |
|---|---|---|---|
| AWS | Infrastructure · Bedrock LLM · KMS · S3 WORM | ap-south-1 (Mumbai) | 100% |
| DeepSeek (self-hosted) | LLM tier 1 — majority of agent calls | ap-south-1 (Mumbai) | ~80% |
| Qwen (self-hosted) | LLM tier 2 — multilingual and document tasks | ap-south-1 (Mumbai) | ~15% |
| Anthropic (via AWS Bedrock) | LLM tier 3 — complex reasoning and HITL explanation | US (when used) — PII-stripped before call | ~5% |
Self-hosted models (DeepSeek, Qwen) run entirely within the customer's AWS tenancy. No data is transmitted to third-party model APIs for ~95% of calls. For the ~5% of calls routed to Anthropic via Bedrock, PII is stripped at the ingestion layer before the call is made. The sub-processor list is reviewed quarterly. Customers are notified of any addition or substitution with 30 days' notice.
every decision is traceable
Structured outputs at every agent stage. Token-level reasoning chains for high-consequence decisions. No black-box outputs in regulated workflows.
agents know when to stop
HITL checkpoints are built into the Blueprint — not added later. Credit decisions, clinical flags, and financial disbursements always have a defined human escalation path.
evaluated at every stage
Per-stage evaluators catch hallucination and distributional drift before it propagates. CLEAR baseline used to measure capability degradation over time.
we'll send you the full security pack.
Architecture diagrams. Sub-processor DPAs. Pentest summary. ISMS scope statement. DPDP compliance questionnaire. Available under NDA for enterprise prospects.