Isolation, accountability, and recovery are release requirements.

Security claims shown here remain factual and evidence-backed; compliance certification is never implied without independent verification.

Tenant and access controls

Restricted database roles, PostgreSQL row-level security, scoped RBAC, host-bound tenant resolution, secure sessions, MFA readiness, and immutable operational audit records.

Private content

Private object storage, expiring signed access, upload checksums, malware quarantine, versioning, and recovery evidence protect institutional files.

Availability and recovery

The India-hosted pilot targets RPO 1 hour and RTO 4 hours, subject to documented restore drills and off-provider encrypted backups.

Architecture and contractual controls

Read the public security architecture, review the support policy, and distinguish the SLA framework from signed commitments.