SECURITY & PRIVACY

Bank-grade security, by default.

Data stays inside. Private LLM for financial data. Certified to banking standards.

CERTIFIED, ENCRYPTED, AUDITED

Built to bank-grade.

Architected for Indian regulatory requirements. Encryption everywhere. Compliance evidence on demand.

Bank-Level Security

Enterprise-grade infrastructure with zero-trust access controls.

256-bit Encryption

End-to-end AES-256 encryption in transit and at rest.

ISO 27001 Certified

Audited information-security management system.

120+ Enterprises

Trusted by banks, NBFCs and large enterprises.

THE FOUR PILLARS

How AICA keeps your data safe.

Four guarantees that show up in every contract we sign with a bank, NBFC or enterprise.

01 · DATA RESIDENCY
Your data never leaves your perimeter.

Private LLM per tenant. Files never reach public models. No cross-customer mixing. In-region hosting.

02 · ENCRYPTION
AES-256 end to end.

TLS 1.3 in transit, AES-256 at rest. Customer-managed keys available. Field-level encryption for PII.

03 · ACCESS CONTROL
Zero-trust, row-level.

SSO, MFA & recorded reason per read. Role & row-level permissions. Auditors see all but can't write.

04 · AUDIT TRAIL
Every check, sourced and timestamped.

Logs every API call, invocation & alert. Audit packs on demand in RBI format. Sourced conclusions.

CERTIFICATIONS & FRAMEWORKS

Compliance evidence on demand.

Aligns with Indian regulatory & enterprise risk frameworks. Share security pack with CISO in one click.

CERTIFIED

ISO/IEC 27001

Information-security management system audited annually by an accredited certification body.

ALIGNED

RBI DLG Guidelines

RBI Digital Lending Guidelines compliant from day one.

NATIVE

Account Aggregator

Consent-based data fetch via Setu and Finvu. Every data pull is consent-recorded and revocable.

REGULATED

DPDP Act, 2023

DPDPA compliant. Purpose limitation, minimization, breach notification, deletion on request.

PRIVATE ISOLATED LLM

Your borrowers' files never touch a public model.

Private LLM per tenant: dedicated inference, storage & keys. No cross-customer training.

  • Dedicated inference per tenant

    Prompts & files processed on tenant-scoped instance only.

  • No training on customer data

    Customer data never trains or fine-tunes models. Improvements from synthetic & public data.

  • In-region hosting

    Indian deployments hosted in Mumbai region. No data crosses borders unless explicitly contracted otherwise.

SECURITY ARCHITECTURE · AT A GLANCE
Encryption in transit: TLS 1.3
Encryption at rest: AES-256
Key management: Customer-managed
Authentication: SSO + MFA
Authorisation: RBAC + row-level
Audit logging: Every read & write
Backups: Encrypted, geo-redundant
Penetration testing: Quarterly · third-party
Vulnerability scanning: Continuous
Incident response: 24/7 SOC

WANT THE FULL SECURITY PACK?

Talk to our security team.

Architecture diagrams, data-flow specs, audit reports, certification documents: share them with your CISO or risk team in one call.

A Recur Club product