Data Security Policy

1. Cert-In VAPT Certification

Verbalyze maintains rigorous security standards. Our entire infrastructure, API gateways, and model inference pipelines undergo annual Vulnerability Assessment and Penetration Testing (VAPT) by CERT-In empanelled auditors.

2. Encryption Standards

In Transit: All data transmitted between clients and our APIs is encrypted using TLS 1.3.
At Rest: All stored data, including temporary audio buffers and audit logs, is encrypted using AES-256 standard. Keys are managed via AWS KMS, with options for Customer Managed Keys (CMK) on Enterprise plans.

3. PII Redaction & RBI Guidelines

Our pipelines include an automated PII redaction layer that strips sensitive information (Aadhaar, PAN, credit card numbers, phone numbers) before any transcript is logged. We strictly adhere to RBI IT Framework guidelines for data localization and secure storage.

4. Access Controls

We enforce strict Role-Based Access Control (RBAC) across all systems. Multi-Factor Authentication (MFA) is mandatory for all internal access. Production environments are fully segregated, following a Zero-Trust Network Architecture.

5. Incident Response

We maintain a 24/7 Security Operations Center (SOC). In the unlikely event of a security breach, we guarantee notification to affected enterprise customers within 24 hours, in accordance with our SLA and regulatory requirements.