SANSA AI meets the highest standards of data protection, security, and privacy compliance for businesses worldwide.
Our commitment to protecting your data through industry-recognized certifications
Annual audit of security, availability, processing integrity, confidentiality, and privacy controls by independent third-party auditors.
Full compliance with the EU General Data Protection Regulation. Data processing agreements, right to erasure, data portability, and DPO appointed.
Information Security Management System (ISMS) certified. Comprehensive policies, risk assessment, and continuous improvement framework.
Healthcare data handling capabilities with BAA support, PHI safeguards, encryption at rest and in transit, and audit logging.
Payment Card Industry Data Security Standard compliance for processing credit card transactions through Razorpay's certified infrastructure.
Compliance with India's Digital Personal Data Protection Act 2023. Consent management, data fiduciary obligations, and grievance redressal.
Your data stays where you need it
Mumbai & Chennai regions. All Indian user data stored domestically.
US-East & US-West regions for North American customers.
Frankfurt & Dublin regions for EU data sovereignty requirements.
Third-party services that process data on our behalf
| Sub-processor | Purpose | Location | Data Type |
|---|---|---|---|
| AWS (Amazon) | Cloud infrastructure & storage | India, US | All platform data |
| Cloudflare | CDN, DDoS protection, WAF | Global Edge | Network traffic |
| Razorpay | Payment processing | India | Payment data (PCI DSS) |
| OpenAI | AI model inference | US | Prompt/response content |
| Google Cloud | AI models (Gemini) | US, India | Prompt/response content |
| Anthropic | AI model inference (Claude) | US | Prompt/response content |
| Postmark | Transactional email | US | Email addresses, names |
| Cloudflare R2 | Object storage (uploads) | India, US | User-generated files |
How we protect your data every day
All data encrypted at rest with AES-256 and in transit with TLS 1.3.
RBAC, MFA, and principle of least privilege for all internal access.
Immutable audit trails for every sensitive action with 90-day retention.
Annual third-party pen tests and continuous vulnerability scanning.
24-hour breach notification SLA with documented response playbooks.
SAST/DAST scanning in CI/CD, code review mandates, and dependency audits.
Resources for your compliance review
Our security team is ready to help with your compliance review and provide any documentation you need.
📧 Contact Security Team