Security & trust

Built for regulated industries.

The page you forward to your compliance team — what we do, what we don't, and the receipts. No vague promises, no "enterprise-grade" buzzwords.

DPDP Act (India) aligned · GDPR posture · ISO-27001 roadmap · Encryption in transit + at rest

Data handling

  • Tenant isolation. Every document, chat, lead, and KB entry is tagged with a tenant ID at insert time and filtered at every query. No cross-tenant reads are possible at the API layer.
  • PII masking. Phone numbers, email addresses, and free-form "I live at..." strings are redacted from LLM logs and from the confirmation bubble shown to visitors. Masking rules live in a single compliance service you can audit.
  • Retention. Chat transcripts and leads are retained for the lifetime of your workspace. Tenants can request deletion of any conversation or lead via the admin UI; deletes propagate to the vector index within minutes.
  • No training on your data. We do not fine-tune foundation models on tenant content. Retrieval augments the model at inference time — your documents are looked up, not memorised.
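As an added illustration of the first two controls in the list above (this is not Hanvitt's code; the page does not show the implementation), the sketch below wraps a collection so that tenant_id is stamped on every insert and ANDed into every query, and pairs it with a regex masker for the three PII classes named. The in-memory list standing in for MongoDB, the class and function names, the regex patterns and the sample message are all assumptions.

```python
import re
from typing import Any, Dict, List, Optional

# ---- Tenant isolation -------------------------------------------------------

class TenantScopeError(ValueError):
    """Raised when a caller tries to read or write across tenants."""


class TenantScopedCollection:
    """Stamp tenant_id on every insert and AND it into every query.

    `raw` stands in for a MongoDB collection (assumption). Application code
    should only ever hold a scoped wrapper, never the raw collection.
    """

    def __init__(self, raw: List[Dict[str, Any]], tenant_id: str) -> None:
        self._raw = raw
        self._tenant_id = tenant_id

    def insert(self, doc: Dict[str, Any]) -> Dict[str, Any]:
        # A caller may not tag a document for some other tenant.
        if doc.get("tenant_id", self._tenant_id) != self._tenant_id:
            raise TenantScopeError("document tagged for another tenant")
        stored = {**doc, "tenant_id": self._tenant_id}
        self._raw.append(stored)
        return stored

    def find(self, query: Optional[Dict[str, Any]] = None) -> List[Dict[str, Any]]:
        # The scope, not the caller, decides which tenant is queried.
        query = dict(query or {})
        if "tenant_id" in query:
            raise TenantScopeError("tenant_id is set by the scope, not the caller")
        scoped = {**query, "tenant_id": self._tenant_id}
        return [d for d in self._raw if all(d.get(k) == v for k, v in scoped.items())]


# ---- PII masking ------------------------------------------------------------

# Illustrative patterns (assumptions), not Hanvitt's compliance rules.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"(?<!\w)\+?\d[\d\s().-]{7,}\d(?!\w)")
ADDRESS_RE = re.compile(r"\bI live (?:at|in|on)\b[^.\n]*", re.IGNORECASE)


def mask_pii(text: str) -> str:
    """Redact emails, phone numbers and 'I live at ...' strings.

    Rules run in sequence; each sees the previous rule's output.
    """
    text = EMAIL_RE.sub("[email]", text)
    text = PHONE_RE.sub("[phone]", text)
    text = ADDRESS_RE.sub("[address]", text)
    return text


# Constructed sample message, as a visitor might type it into the chat.
SAMPLE = ("Hi, I'm Asha. Call me on +91 98765 43210 or asha@example.com. "
          "I live at 12 MG Road, Pune. Thanks!")


def demo() -> Dict[str, Any]:
    """Run both controls over a shared store and return what each tenant sees."""
    raw: List[Dict[str, Any]] = []           # one backing store for all tenants
    acme = TenantScopedCollection(raw, "t_acme")
    globex = TenantScopedCollection(raw, "t_globex")
    acme.insert({"kind": "lead", "name": "Asha", "message": mask_pii(SAMPLE)})
    globex.insert({"kind": "lead", "name": "Bob", "message": "no pii here"})

    try:                                      # cross-tenant read attempt
        acme.find({"tenant_id": "t_globex"})
        override_blocked = False
    except TenantScopeError:
        override_blocked = True

    return {
        "acme_leads": [d["name"] for d in acme.find({"kind": "lead"})],      # ['Asha']
        "globex_leads": [d["name"] for d in globex.find({"kind": "lead"})],  # ['Bob']
        "override_blocked": override_blocked,                                # True
        "masked": acme.find({"name": "Asha"})[0]["message"],
        # "Hi, I'm Asha. Call me on [phone] or [email]. [address]. Thanks!"
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats a reviewer would check. Wrapper-based isolation only holds if every read path goes through the wrapper; a raw driver handle, an aggregation pipeline or a vector-index query that is not tenant-filtered bypasses it, so the audit is to find every code path that touches the store directly. Regex masking is best effort: numbers written out in words, addresses that do not start with "I live at", and identifiers the patterns were never written for will pass through unredacted.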

Compliance posture

We operate under India's DPDP Act framework (with GDPR-aligned controls for EU data subjects). Our public-facing legal documents are updated in lockstep with platform changes.

We are not yet SOC-2 or ISO-27001 certified. That is a deliberate, honest statement, not a gap we hide. Our roadmap targets an ISO-27001 Stage-1 audit by late 2026, once the platform stabilises past 50 paid tenants. We'll publish the auditor's letter here the day we pass.

Infrastructure

  • Data stores. MongoDB (primary), Qdrant (vector index), Upstash Redis (rate limiting + cache). All are encrypted at rest and accessed only over TLS.
  • LLM providers. Requests route through our provider layer to OpenAI, Anthropic, or Google depending on the tenant's configured model. Prompts are sent to no provider outside that set.
  • Email. Transactional email (overage alerts, password resets, receipts) via Zoho SMTP. No marketing mailers are sent without explicit opt-in.
  • Data residency. Primary infrastructure in Asia-Pacific (AWS ap-south-1 by default). EU tenant residency on request.

Incident response & SLA

  • Uptime target. 99.5% for the chat API on paid plans. Live status is published on the status page.
  • Audit trail. Every admin action (KB edits, tenant config changes, key rotations) is logged to an immutable audit collection and exposed in Observability → Events.
  • Disclosure. Verified security issues reported to hello@hanvitt.com are acknowledged within 48 hours. Customer-impacting incidents trigger a written post-mortem, published on the status page within 5 business days.
  • Paper trail. DPA (Data Processing Agreement), SCC (Standard Contractual Clauses), and sub-processor list are available on request for any paid tenant.

Got a compliance questionnaire?

Send it over. We turn around most standard questionnaires within 3 business days.

Email the team

Your partner in Growth — For Individuals & Businesses

Hanvitt Consulting & Solutions — four disciplines, one partner. AI consulting, lead generation, modern websites, and legacy modernization, shipped end to end. We also run two platforms on the side: Hanvitt.in for individuals and Hanvitt AI Platform for SMEs.

© 2026 Hanvitt Consulting & Solutions. All rights reserved.