Security & your data

Where your data lives (India), how it's encrypted, the private evidence vault, role-scoped access, and how we use AI — with a link to the full security page.

ComplianceStack becomes your system of record for sensitive statutory documents, so it's fair to ask how the tool itself handles data. Here's the short version; the full, continuously updated detail lives on our security page.

Where it lives & how it's protected

  • In India — your data is stored in a managed Postgres database and file store hosted in the ap-south-1 (Mumbai) region.
  • Encrypted — in transit over TLS and at rest, including uploaded documents.
  • Private evidence vault — files sit in a private bucket with no public links; the app serves them only through short-lived signed URLs to authorised users.
  • Scoped access — role-based permissions isolate each company's data, and database row-level security denies the public API key.

AI, carefully

AI never decides what compliance applies to you — a deterministic, versioned engine does that. The AI only classifies, extracts, summarises and drafts, and we don't use your data to train models.

Read the full breakdown — encryption, subprocessors, and our SOC 2 / ISO 27001 / DPDP roadmap — on the security page.