Encryption & keys
AES-256, TLS 1.3, HSM-backed KMS.
- AES-256 at rest
- TLS 1.3 in transit
- HSM-backed keys
Security & compliance
Built like the bank vault. Runs like a teammate.
ISO 27001 + SOC 2 + CERT-In + DPDP. Hash-chained audit trail on every action. Sovereign deployment in 13 regions including air-gapped on-prem.
Trust pillars
Built-in. Audited. Enforced on every action.
Each pillar is independently audited and enforced live in production. Reports and certificates available under NDA.
Hash-chained audit trail
Signed, sealed, replayable on every action.
a3f8b7c2
9d4e1f08
7b2c6a91
Signed · CARO + Companies Act ready
PII redaction
PAN, Aadhaar, GSTIN masked before inference.
PAN
ABCDE1234F
raw
PAN
█████████
masked
Sovereign residency
13 regions, sovereign India, on-prem, air-gap.
India · Mumbai
ap-south-1
sovereign
Yotta
CtrlS
AWS
Azure
+ 12 more regions · on-prem · air-gap
-
ISO 27001 ISMS
Independent annual audit. Surveillance every 12 months.
-
Your data, your training
We never train on customer data. Contractually committed.
-
Responsible AI
Bias monitoring, content safety, fairness. All toggleable per agent.
-
Hallucination guardrails
Citation enforcement, confidence scoring, low-conf block policy.
Compliance
Certifications and frameworks we operate under.
Independent audits, regulator-grade artefacts, and a public stance we keep current. Reports and DPAs available under NDA.
Active
Flagship cert
ISO/IEC 27001:2022
Information security management system certified by independent auditors.
Latest surveillance · Aug 2026Audit profile
ISO/IEC 27001:2022
- Body
- BSI
- Renewal
- Annual surveillance
- Scope
- All Ajuni production environments
Certificate available under NDA
PDF · 1.2 MB
-
SOC 2 Type II
ActiveSecurity, availability, confidentiality trust services.
- Body
- AICPA
- Coverage
- 12 months
-
CERT-In empanelled
CompliantIndia's national cyber incident response empanelment.
- Body
- MeitY · CERT-In
- Status
- Active panel
-
DPDP Act 2023
CompliantIndia's Digital Personal Data Protection Act compliance.
- Coverage
- Data fiduciary obligations
- Audit
- Quarterly
-
HIPAA
In progressHealthcare data privacy and security (US).
- Stage
- Final assessment
- Target
- Q3 2026
-
GDPR
CompliantEU data protection regulation compliance.
- Region
- EU/EEA
- DPA
- Available on request
SLA
Service-level commitments by tier.
Written into every contract. Service credits paid out automatically on breach. No claim form required.
-
Pilot
First-agent pilots and proofs of concept.
- Uptime
- 99.5%
- Response
- 8 business hours
- Recovery
- RPO 24h · RTO 8h
- Credits
Automated credit on breach -
Business
Production agents across multiple functions.
- Uptime
- 99.9%
- Response
- 4 business hours
- Recovery
- RPO 4h · RTO 2h
- Credits
- 10% MRR / breach
Automated credit on breach -
Enterprise
RecommendedMission-critical agents under regulator oversight.
- Uptime
- 99.99%
- Response
- 1h · 24/7
- Recovery
- RPO 15min · RTO 30min
- Credits
- 25% MRR / breach
Automated credit on breach
Deployment
13 regions. Plus on-prem and air-gap.
Deploy where your regulators say so. VPC on the major hyperscalers, sovereign options for India, or fully on-prem.
-
ap-south-1MumbaiIndia
- Sovereign
- AWS
- Azure
- Yotta
- CtrlS
-
in-southBengaluruIndia
- GCP
- OCI
-
ap-southeast-1SingaporeSingapore
- AWS
- Azure
- GCP
-
eu-central-1FrankfurtGermany
- AWS
- Azure
- GCP
-
eu-west-2LondonUK
- AWS
- Azure
-
eu-west-1DublinIreland
- AWS
-
us-east-1VirginiaUSA
- AWS
- Azure
- GCP
-
us-west-2OregonUSA
- AWS
- GCP
-
me-central-1DubaiUAE
- AWS
- Azure
-
me-south-1BahrainBahrain
- AWS
-
ap-southeast-2SydneyAustralia
- AWS
- Azure
-
ap-northeast-1TokyoJapan
- AWS
- GCP
On-prem & air-gap
· Fully isolated deployment for the strictest regulators.
Got a security questionnaire? We'll send it back signed today.
DPA, SOC 2 Type II, ISO 27001, sub-processor list, pen-test summary. Every artefact your procurement team will ask for. All under NDA.