← Home Security Privacy
🔒 Trust Center

Enterprise-Grade Compliance

SANSA AI meets the highest standards of data protection, security, and privacy compliance for businesses worldwide.

Certifications & Standards

Our commitment to protecting your data through industry-recognized certifications

✓ Compliant
🛡️

SOC 2 Type II

Annual audit of security, availability, processing integrity, confidentiality, and privacy controls by independent third-party auditors.

✓ Compliant
🇪🇺

GDPR

Full compliance with the EU General Data Protection Regulation. Data processing agreements, right to erasure, data portability, and DPO appointed.

✓ Compliant
📋

ISO 27001

Information Security Management System (ISMS) certified. Comprehensive policies, risk assessment, and continuous improvement framework.

⏳ In Progress
🏥

HIPAA Ready

Healthcare data handling capabilities with BAA support, PHI safeguards, encryption at rest and in transit, and audit logging.

📅 Planned
💳

PCI DSS

Payment Card Industry Data Security Standard compliance for processing credit card transactions through Razorpay's certified infrastructure.

✓ Compliant
🇮🇳

DPDP Act (India)

Compliance with India's Digital Personal Data Protection Act 2023. Consent management, data fiduciary obligations, and grievance redressal.

Data Residency

Your data stays where you need it

🇮🇳

India (Primary)

Active

Mumbai & Chennai regions. All Indian user data stored domestically.

🇺🇸

United States

Available

US-East & US-West regions for North American customers.

🇪🇺

European Union

Planned Q3 2026

Frankfurt & Dublin regions for EU data sovereignty requirements.

Sub-processors

Third-party services that process data on our behalf

Sub-processorPurposeLocationData Type
AWS (Amazon)Cloud infrastructure & storageIndia, USAll platform data
CloudflareCDN, DDoS protection, WAFGlobal EdgeNetwork traffic
RazorpayPayment processingIndiaPayment data (PCI DSS)
OpenAIAI model inferenceUSPrompt/response content
Google CloudAI models (Gemini)US, IndiaPrompt/response content
AnthropicAI model inference (Claude)USPrompt/response content
PostmarkTransactional emailUSEmail addresses, names
Cloudflare R2Object storage (uploads)India, USUser-generated files

Security Practices

How we protect your data every day

🔐

AES-256 Encryption

All data encrypted at rest with AES-256 and in transit with TLS 1.3.

🔑

Zero-Trust Access

RBAC, MFA, and principle of least privilege for all internal access.

📝

Audit Logging

Immutable audit trails for every sensitive action with 90-day retention.

🔍

Penetration Testing

Annual third-party pen tests and continuous vulnerability scanning.

🚨

Incident Response

24-hour breach notification SLA with documented response playbooks.

👨‍💻

Secure Development

SAST/DAST scanning in CI/CD, code review mandates, and dependency audits.

Downloads

Resources for your compliance review

📄 Security Whitepaper (PDF) 📝 Data Processing Agreement (DPA) 📋 SOC 2 Report Summary 🔐 Penetration Test Summary

Have Compliance Questions?

Our security team is ready to help with your compliance review and provide any documentation you need.

📧 Contact Security Team