Procurement-ready. Built to be reviewed.
Last updated Jun 2026
Everything your security, legal, and procurement teams need to evaluate us — in plain terms. India DPDP compliant by design. India-hosted by default, with EU/US residency and GDPR contracts available for Enterprise engagements on request.
Request the security packet → · Security overview · Live status
What we do by default
The posture every workspace gets, day one.
- 🔒 Encrypted in transit and at rest — Every connection and every stored record is encrypted with current industry-standard ciphers. Credentials and tokens are never stored in plain text.
- 🇮🇳 India-hosted by default — Customer data is hosted on infrastructure inside India and does not leave Indian territory. EU and US data residency are available for Enterprise engagements on request.
- 🛡️ India DPDP — compliant by design — Built to the Digital Personal Data Protection Act 2023 from day one. EU GDPR (Art. 28 DPA with SCCs), UK Addendum, and CCPA terms are available on request for Enterprise engagements.
- 🗄️ Daily encrypted backups, restore tested — Your data is backed up daily to encrypted off-site storage, and our restore procedure is tested. Formal recovery-time targets are defined in the Enterprise agreement.
- 🔑 Per-workspace isolation — Every paying client gets a logically isolated workspace. Any cross-workspace access requires an explicit, logged support request.
- 📊 Audit-logged access — Every agent action, customer message, and admin operation is recorded in an immutable audit trail you can request an export of at any time.
Compliance posture
We publish the roadmap honestly.
Pending items are scoped commitments, not aspirational bullet points.
- India DPDP Act 2023 — Compliant by design
- EU GDPR (Art. 28 DPA, SCCs) — Available on request
- UK GDPR + UK Addendum — Available on request
- CCPA / CPRA — Available on request
- SOC 2 Type II — Roadmap — 2026 H2
- ISO 27001 — Roadmap — 2027 H1
- HIPAA — Not currently scoped
Contract package
Everything procurement asks for.
- Master Service Agreement (MSA) — Enterprise customer agreement covering term, IP, liability cap, indemnity, and termination. Prepared on request.
- Data Processing Agreement (DPA) — Article 28 GDPR-aligned DPA with SCCs and UK Addendum, plus an India DPDP schedule. Prepared on request for Enterprise engagements.
- Security packet — Detailed posture — architecture, encryption, access controls, subprocessors, and incident process — shared under NDA for procurement review.
- Subprocessor categories — We use a minimal set: an AI provider, WhatsApp delivery, payments, and hosting. The named list with regions is in the security packet.
Availability & status
We publish real platform status — uptime and incident history computed from live health checks — at /status, not numbers from a deck. A formal Service Level Agreement with uptime commitments and service credits is defined in the Enterprise agreement, sized to what we can sustainably honour.
Incident response
We monitor the platform continuously and post status changes to /status. If an incident affects your workspace, we notify you directly by WhatsApp and email, and share a written follow-up for any significant issue.
Security contact · security@niyogai.com
Need the full packet for procurement review?
The detailed security packet, MSA, and DPA are shared under NDA on request. Request the packet →
We turn the package around within 2 business days of request.