RAKṢĀ — Protection

Security Is Not a Feature. It's the Foundation.

Enterprise AI demands enterprise-grade security. Every layer of Avyay — from data ingestion to model inference — is built with defence in depth, zero-trust principles, and full auditability.

🛡️ SOC 2: In Progress
🇪🇺 GDPR: Compliant
🔒 CCPA: Compliant
🔐 AES-256: Encryption
🌐 TLS 1.3: In Transit

Defence in Depth

Six Pillars of Security

Every layer is designed to protect your data, your users, and your trust.

Encryption Everywhere

AES-256 encryption at rest and TLS 1.3 in transit. Your data is never readable outside your authorised environment.

  • AES-256-GCM for data at rest
  • TLS 1.3 for all data in transit
  • End-to-end encrypted API communications
  • Hardware-backed key management

Zero Data Retention

We process your queries in real-time and never persist your proprietary data. Your prompts and responses stay yours.

  • No prompt/response logging by default
  • Ephemeral processing pipelines
  • Customer-controlled retention policies
  • Right to deletion within 24 hours

Infrastructure Security

Deployed on SOC 2 Type II compliant infrastructure with network segmentation, WAF, and continuous monitoring.

  • SOC 2 Type II compliant hosting
  • Network segmentation & micro-services
  • Web Application Firewall (WAF)
  • DDoS protection & rate limiting

Access Controls

Role-based access with SSO, MFA enforcement, and API key rotation. Every access is authenticated and authorised.

  • SAML/OIDC SSO integration
  • Mandatory MFA for all accounts
  • Granular RBAC with least privilege
  • Automatic API key rotation

Audit Logging

Immutable audit trails for every action. Exportable logs for your compliance team, integrated with your SIEM.

  • Immutable, tamper-proof audit logs
  • Real-time event streaming
  • SIEM integration (Splunk, Datadog, etc.)
  • Configurable retention & export

Incident Response

24/7 monitoring with automated alerting and a defined incident response plan. Transparent communication always.

  • 24/7 automated monitoring & alerting
  • Defined incident response playbooks
  • Transparent status page
  • Post-incident reports within 48 hours

Compliance

Standards & Certifications

We hold ourselves to the highest industry standards so your compliance team can sleep at night.

SOC 2 Type II (In Progress)

Comprehensive audit of security, availability, and confidentiality controls. Expected completion Q3 2026.

GDPR (Compliant)

Full compliance with EU data protection regulations including data processing agreements and privacy by design.

CCPA (Compliant)

California Consumer Privacy Act compliance with transparent data practices and consumer rights support.

OWASP Top 10 (Aligned)

All products tested against OWASP Top 10 vulnerabilities. RAKṢĀ performs continuous security scanning.

ISO 27001 (Tracked)

Automated evidence collection and compliance tracking aligned with ISO 27001 controls via our security scanning pipeline.

PCI-DSS (Tracked)

Payment Card Industry Data Security Standard compliance monitoring with automated scanning and remediation tracking.

Data Handling

Your Data, Your Control

We believe data sovereignty isn't negotiable. Every practice below is designed to keep you in full control of your data lifecycle.

  • Data residency: Customer choice — US, EU, or APAC regions
  • Data isolation: Dedicated tenant environments with logical separation
  • Backup encryption: AES-256 encrypted backups with customer-managed keys
  • Data classification: Automated classification with configurable sensitivity levels
  • Vendor sub-processors: Transparent list with prior notification of changes
  • Penetration testing: Annual third-party pentests with remediation tracking
  • Vulnerability management: Automated scanning pipeline — container, dependency, SAST & DAST with SLA-based remediation
  • SBOM generation: CycloneDX format with full dependency tree and license compliance tracking
  • Employee access: Background checks, least-privilege access, quarterly reviews

Architecture

Zero-Trust by Design

Every request is authenticated, every action is logged, every boundary is enforced.

  • Client: TLS 1.3 · MFA · SSO
  • API Gateway: WAF · Rate Limiting · Auth
  • MĀRGA Router: Model Routing · Redaction
  • RAKṢĀ Guard: Content Filtering · PII

  • 256-bit Encryption
  • 99.95% Uptime SLA
  • <48h Incident Reports
  • 24/7 Monitoring

Automation

Security Scanning Pipeline

Automated, parallel security scanning across containers, dependencies, code, and live endpoints — integrated directly into your CI/CD workflow.

01 Container Scanning

Trivy & Grype integration with image policies, layer analysis, and secret detection across all container images.

02 Dependency Analysis

Deep analysis across npm, pip, Go, Cargo, and Maven — including license compliance, typosquatting detection, and SBOM generation.

03 SAST & DAST

Static analysis with 10+ rules covering SQL injection, XSS, SSRF, and more. Dynamic scanning for TLS, CORS, security headers, and open redirects.

04 Remediation Engine

Prioritised remediation plans with auto-fix identification, quick-win detection, and effort estimation for every finding.

05 Compliance Automation

Continuous compliance tracking across SOC 2, ISO 27001, PCI-DSS, and OWASP Top 10 with automated evidence mapping.

06 CI/CD Integration

GitHub Actions workflow with SARIF upload, PR comments, parallel scan execution, and configurable security gate policies.

  • Products Scanned: 9
  • Scan Types (Parallel): 4
  • Compliance Frameworks: 4
  • SBOM Format: CycloneDX

06 DHARMA — Governance

Responsible AI Practices

Security extends beyond infrastructure. Our AI governance ensures fairness, transparency, and accountability.

01 Model Transparency

Full visibility into which models process your data, with configurable routing rules and provider preferences.

02 PII Redaction

RAKṢĀ automatically detects and redacts personally identifiable information before data reaches any LLM provider.

03 Bias Monitoring

Continuous monitoring for model bias with configurable guardrails and human-in-the-loop review capabilities.

Ready to Talk Security?

Our security team is available to discuss your specific requirements, provide detailed documentation, or schedule a security review.