OUR SECURITY PRINCIPLES
Privacy by Design
- Security is embedded into every decision, workflow, and system we build.
Minimal Data, Maximum Value
- Avisa uses the least amount of data required to deliver AI-driven business outcomes.
Enterprise-Ready Architecture
- From encrypted storage to SSO readiness — built to meet the needs of companies of all sizes.
WHAT’S LIVE TODAY (2025)
Encryption & Data Protection
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for all data at rest
- Strict API-level authentication
- Secure key vault management
Application Security
- Role-based access (Field, Manager, Executive)
- Secure session tokens
- Rate limiting + brute-force protection
- CSP headers across all pages
Infrastructure & Deployment
- Hosted in AWS (ap-south-1)
- VPC isolation
- WAF protection
- Server-side input validation
Data Minimization
- No unnecessary PII collected
- No intrusive data scraping
- No CRM data replication; orchestration layer ONLY
Logging & Monitoring
- Application logs
- Suspicious login attempt alerts
- 24x7 uptime monitoring
COMING SOON: ENTERPRISE-GRADE SECURITY (JAN ’26)
OIDC / SAML SSO
Single Sign-On with industry leaders such as Azure AD, Okta, and Google Workspace.
Data Residency Requirements
Choice of data residency regions:
• India (default)
• UAE
• EU (roadmap)
IP Allowlisting
Restrict account access to specific IP ranges for enterprise deployments.
SCIM 2.0 Provisioning
Automated user provisioning & deprovisioning for enterprise governance.
Role-Based Access Control (RBAC)
Granular permissions for:
• Field Teams
• Managers
• Finance
• Executive / CXO
• Admins
Multi-Factor Authentication (MFA)
Mandatory MFA for Admin, Finance, and Executive roles.
Audit Logs (V2)
Full audit trail across:
• Agent actions
• User interactions
• API triggers
• Configuration changes
DATA PROTECTION & PRIVACY
Your Data. Your Control.
Data Ownership
You always own your data. Avisa only processes it to provide business outcomes.
Data Retention Policy
Data is retained only as long as needed for your growth workflows.
Secure Data Deletion
On request, data is securely wiped from all environments.
No 3rd-Party Data Sharing
We do not sell, trade, or share customer data — ever.
Responsible AI Usage
Avisa’s AI Agents use signals and workflows; they do not use your data for model retraining without explicit permission.
REGULATORY ALIGNMENT (LIGHTWEIGHT NOW, FULL IN 2026)
Avisa is aligned to industry best practices—tailored to MSME, enterprise, and regulated segments.
Live Alignment:
- Indian DPDP (2023) baseline principles
- GDPR influence model (consent + minimalism)
- BIS-compliant infrastructure standards via AWS
Roadmap:
- SOC 2 Type I (2026)
- SOC 2 Type II (2027)
- ISO 27001 alignment (2027)
SECURITY FOR ENTERPRISE BUYERS
Enterprise Readiness Includes:
- Security questionnaire responses (available on request)
- Custom NDA and procurement paperwork
- Pen-test reports (2026 onwards)
- Configurable data retention
- IP allowlisting
- Region/vertical-specific controls
Q: Can we integrate with our identity provider?
A: Yes — SSO (OIDC/SAML) goes live in Jan ’26.
Q: Where is my data stored?
A: AWS ap-south-1 (India), with future options for UAE and EU.
Q: Does Avisa store CRM data?
A: No — Avisa orchestrates actions; it does not replicate core data.
Q: Will we get audit logs?
A: Yes — v2 audit logs go live in Jan ’26.
Q: Can I restrict user access?
A: Yes — RBAC is fully configurable in Enterprise.
Q: Is MFA mandatory?
A: Mandatory for Exec/Finance/Admin roles from Jan ’26.