Compliance & Data Protection

We are committed to maintaining the highest standards of data protection, privacy, and regulatory compliance to earn and keep your trust.

Compliance Standards

Meeting global standards for data protection and security

Data Privacy

Comprehensive privacy controls including data minimization, purpose limitation, storage limitation, and privacy-preserving analytics.

Minimization, Anonymization, Retention

Transparency & Reporting

Regular transparency reports, clear data handling policies, and comprehensive audit trails for all data processing activities.

Audit Trails, Transparency, Reporting

Third-Party Compliance

All third-party services (AWS, OpenAI, Google OAuth) maintain their own certifications and compliance standards.

AWS, OpenAI, Google

Data Protection

Comprehensive measures to protect your data throughout its lifecycle

01 Data Collection & Processing

We collect only the data necessary to provide our services and process it lawfully, fairly, and transparently.

  • Minimal Collection: Only essential data is collected
  • Purpose Specification: Clear purposes defined for all data processing
  • Lawful Basis: Processing based on consent or legitimate interest
  • User Control: Users control their data and can revoke consent
  • Data Accuracy: Mechanisms to keep data accurate and up to date

02 Data Storage & Retention

Secure storage with clear retention policies and automated cleanup procedures.

  • Encrypted Storage: All data encrypted at rest using AES-256
  • Geographic Controls: Data stored in AWS ap-south-1 (Mumbai) region
  • Retention Policies: Clear data retention and deletion schedules
  • Backup & Recovery: Automated backups with point-in-time recovery

03 User Rights & Control

Comprehensive user rights aligned with GDPR and data protection best practices.

  • Right to Access: Users can access their personal data anytime
  • Right to Erasure: Account deletion with cascading data removal
  • Right to Portability: Export data in standard formats (JSON, DOCX, PPTX)
  • Right to Rectification: Update and correct personal information
  • Right to Object: Opt out of certain data processing activities

04 Incident Response & Breach Notification

Comprehensive incident response plan with timely breach notification procedures.

  • 24/7 Monitoring: Continuous security monitoring via CloudWatch
  • Incident Response Plan: Documented procedures for security incidents
  • Breach Notification: 72-hour notification to affected users
  • Root Cause Analysis: Post-incident analysis and remediation
  • Regulatory Reporting: Compliance with breach notification laws

Compliance Framework

Our ongoing commitment to compliance and continuous improvement

Compliance Controls

Access Control & Authentication
Data Encryption (at rest & in transit)
Audit Logging & Monitoring
Incident Response Procedures
Data Backup & Recovery
Vendor Risk Management
Privacy Impact Assessments
Security Awareness Training
Change Management Process
Business Continuity Planning
Third-Party Security Reviews
Vulnerability Management

Sub-processors & Third Parties

Trusted partners who help us deliver our services securely

Amazon Web Services (AWS): Infrastructure

Cloud infrastructure, compute, storage, and database services. SOC 2, ISO 27001, GDPR compliant.

OpenAI: AI Services

GPT-4 language model for AI-powered features. SOC 2 Type II certified, data processing agreement in place.

Anthropic: AI Services

Claude Sonnet 4.5 for advanced AI capabilities. Strong privacy commitments and security practices.

Google: Authentication

OAuth2 authentication services. ISO 27001, SOC 2/3, and GDPR compliant.

Questions About Compliance?

Our compliance team is here to help with any questions about our data protection practices, certifications, or regulatory compliance.

Email: compliance@yantratmika.com | DPO: dpo@yantratmika.com