Skip to content

Procurement-ready. Built to be reviewed.

Last updated Jun 2026

Everything your security, legal, and procurement teams need to evaluate us — in plain terms. India DPDP compliant by design. India-hosted by default, with EU/US residency and GDPR contracts available for Enterprise engagements on request.

Request the security packet → · Security overview · Live status

What we do by default

The posture every workspace gets, day one.

  • 🔒 Encrypted in transit and at restEvery connection and every stored record is encrypted with current industry-standard ciphers. Credentials and tokens are never stored in plain text.
  • 🇮🇳 India-hosted by defaultCustomer data is hosted on infrastructure inside India and does not leave Indian territory. EU and US data residency are available for Enterprise engagements on request.
  • 🛡️ India DPDP — compliant by designBuilt to the Digital Personal Data Protection Act 2023 from day one. EU GDPR (Art. 28 DPA with SCCs), UK Addendum, and CCPA terms are available on request for Enterprise engagements.
  • 🗄️ Daily encrypted backups, restore testedYour data is backed up daily to encrypted off-site storage, and our restore procedure is tested. Formal recovery-time targets are defined in the Enterprise agreement.
  • 🔑 Per-workspace isolationEvery paying client gets a logically isolated workspace. Any cross-workspace access requires an explicit, logged support request.
  • 📊 Audit-logged accessEvery agent action, customer message, and admin operation is recorded in an immutable audit trail you can request an export of at any time.

Compliance posture

We publish the roadmap honestly.

Pending items are scoped commitments, not aspirational bullet points.

  • India DPDP Act 2023Compliant by design
  • EU GDPR (Art. 28 DPA, SCCs)Available on request
  • UK GDPR + UK AddendumAvailable on request
  • CCPA / CPRAAvailable on request
  • SOC 2 Type IIRoadmap — 2026 H2
  • ISO 27001Roadmap — 2027 H1
  • HIPAANot currently scoped

Contract package

Everything procurement asks for.

  • Master Service Agreement (MSA) Enterprise customer agreement covering term, IP, liability cap, indemnity, and termination. Prepared on request.
  • Data Processing Agreement (DPA) Article 28 GDPR-aligned DPA with SCCs and UK Addendum, plus an India DPDP schedule. Prepared on request for Enterprise engagements.
  • Security packet Detailed posture — architecture, encryption, access controls, subprocessors, and incident process — shared under NDA for procurement review.
  • Subprocessor categories We use a minimal set: an AI provider, WhatsApp delivery, payments, and hosting. The named list with regions is in the security packet.

Availability & status

We publish real platform status — uptime and incident history computed from live health checks — at /status, not numbers from a deck. A formal Service Level Agreement with uptime commitments and service credits is defined in the Enterprise agreement, sized to what we can sustainably honour.

Incident response

We monitor the platform continuously and post status changes to /status. If an incident affects your workspace, we notify you directly by WhatsApp and email, and share a written follow-up for any significant issue.

Security contact · security@niyogai.com

Need the full packet for procurement review?

The detailed security packet, MSA, and DPA are shared under NDA on request. Request the packet →

We turn the package around within 2 business days of request.

WhatsApp