Security & Compliance

Enterprise-grade security, privacy, and compliance — designed from day one.

Enterprise-Grade Security by Design

🗺️

Data Sovereignty

We support local data residency. Your data never leaves your jurisdiction and is processed in compliance with regional regulatory requirements.

  • India-Local Residency: All data processing is strictly maintained within Indian borders, utilizing local availability zones in Pune and Mumbai.
  • VPC & On-Premise Deployment: Flexible deployment models allow the platform to run entirely within your institution’s Virtual Private Cloud (VPC) or on-premise infrastructure.
  • Zero Cross-Border Transfer: No forensic metadata, facial vectors, or raw video packets are transferred outside the host jurisdiction for secondary processing.
🔐

Encryption & Key Management

  • Enterprise Standards: Full support for AES-256 at-rest encryption and TLS 1.3 for all data in transit.
  • Forensic Integrity Hashing: Every analysis generates a unique SHA-256 cryptographic hash, ensuring the immutability and audit-readiness of forensic evidence.
  • HSM Management: All cryptographic certificates and top-level keys are managed via Hardware Security Modules (HSM) to prevent unauthorized access.
📜

Compliance Roadmap

  • RBI V-CIP Alignment: Architected to assist regulated entities in meeting RBI Master Directions on V-CIP and digital onboarding (2025/2026).
  • Audit-Ready Architecture: Fremner is architected to meet SOC 2 Type II and ISO 27001 standards, with a Security-by-Design framework embedded from day one.
  • Certification Roadmap: Formal certifications are initiated as part of enterprise onboarding partnerships and customer-specific compliance requirements.
🛡️

Privacy Commitment

Zero-Reuse Policy. Customer data is never used to train public models, shared across tenants, or retained beyond operational necessity.

  • Ephemeral Processing: All video analysis occurs in transient RAM memory and is purged immediately upon completion of the 5-second forensic scan.
  • DPDP Act Compliance: Built in alignment with the Digital Personal Data Protection (DPDP) Act, ensuring no long-term storage of biometric templates.
  • Tenant Isolation: Strict logical separation of data ensures that institutional data is never co-mingled or used to train shared public models.