Active Compliance
MannSetu maintains compliance with major data protection regulations.
DPDP Act 2023
India's Digital Personal Data Protection Act
- Data localization - all data stored in India
- Consent management framework
- Data principal rights supported
- Grievance redressal mechanism
GDPR
EU General Data Protection Regulation
- Privacy by design architecture
- Data minimization principles
- Right to erasure supported
- Data Processing Agreement available
HIPAA
US Health Insurance Portability and Accountability Act
- End-to-end encryption (AES-256)
- Access controls and audit logging
- BAA available for US customers
- PHI handling procedures documented
Certification Roadmap
Our commitment to enterprise-grade security certifications.
SOC 2 Type I
Q2 2026
Service Organization Control - Point-in-Time Assessment
- Security controls implementation
- Availability monitoring
- Confidentiality measures
- Third-party audit engagement
SOC 2 Type II
Q4 2026
Service Organization Control - Operating Effectiveness
- 6-month observation period
- Continuous monitoring evidence
- Annual audit commitment
- Trust Services Criteria coverage
ISO 27001
Q1 2027
Information Security Management System
- ISMS framework implementation
- Risk assessment methodology
- Security policy documentation
- Certification body engagement
Built for Enterprise Security
Our security-first architecture protects your organization's most sensitive data.
End-to-End Encryption
AES-256 encryption at rest, TLS 1.3 in transit. Zero-knowledge architecture for chat data.
Data Localization
All data hosted in India (AWS Mumbai region). No cross-border data transfer without consent.
Privacy by Design
Anonymous access option. HR sees only aggregate data. Individual chats never exposed.
Data Retention
Configurable retention policies. Right to deletion honored within 72 hours.
Certification timelines are estimates and subject to change based on audit availability and third-party schedules. Last updated: January 2026.