Security Through
Honesty & Transparency

We are not independently SOC 2 certified yet. However, all your data lives on SOC 2 Type II certified infrastructure — Vercel and Supabase both hold current SOC 2 Type II certifications. We believe being honest about this matters more than pretending. We have DLP, row-level security, encryption at rest and in transit, and immutable audit trails. We plan to pursue independent SOC 2 certification once our Enterprise tier reaches sufficient scale.

Your data is stored on Supabase (backed by AWS) with AES-256 encryption at rest. Your application is served via Vercel's global edge network with TLS 1.3 encryption in transit. Both providers hold SOC 2 Type II certifications. We do not store data on local servers or unencrypted storage.

Aditya Labs does not use customer conversations or business data to train models operated by Aditya Labs. Where the service relies on third-party model providers, their handling is governed by their own terms and configurations.

DLP (Data Loss Prevention) is our real-time scanning engine that automatically detects and blocks sensitive data patterns in conversations — credit card numbers, Social Security numbers, email addresses, phone numbers, API keys, and 13+ other patterns. If a customer accidentally shares their credit card number in chat, our DLP engine blocks it before it is stored or processed.

Yes, with an important caveat: the platform is designed to support GDPR requirements such as data deletion, access controls, data processing agreements, and transparency features. Each customer remains responsible for its own lawful basis, notices, retention choices, and operational compliance in its own deployment.

We maintain incident response procedures designed to support the notification timelines required by applicable law. The exact notification obligations depend on the facts of the incident, the affected data, and whether we are acting as processor, controller, or sub-processor in the relevant workflow.

Yes. DPAs are available on request for all paid plans. Enterprise customers receive a DPA as part of their onboarding. Email hello@adityalabs.ai to request yours.

Yes, with honest caveats. The platform includes controls that can be useful in regulated environments, such as DLP, audit logging, access controls, and human-review workflows. However, we are not HIPAA certified, we do not market the service as a substitute for legal or compliance review, and customers in regulated sectors should complete their own assessment before relying on it.

Many AI startups claim certifications they do not actually hold. We choose honesty. Instead of waving a badge we do not have, we show you exactly how your data is protected — through real technical safeguards (DLP, RLS, encryption), certified infrastructure (Vercel, Supabase), and transparent disclosure. We believe you deserve the truth.

Vercel holds SOC 2 Type II certification and provides DDoS protection, edge caching, and TLS 1.3. Supabase holds SOC 2 Type II certification and provides PostgreSQL with Row Level Security, AES-256 encryption at rest, and automated backups. Stripe (our payment processor) holds PCI DSS Level 1 certification. OpenAI (our AI provider) holds SOC 2 Type II certification.