Trust & Compliance
We take the security of your data and conversations seriously. Here's how we protect every call, every transcript, and every piece of information.
Audited annually for security, availability, and confidentiality controls.
All data encrypted at rest using industry-standard AES-256 encryption.
All data stored in India (Mumbai region) complying with local regulations.
Full compliance with GDPR data protection requirements for global users.
Information security management system certified to international standards.
Our infrastructure runs on enterprise-grade cloud providers with multi-region redundancy. All servers are hosted in India (Mumbai and Hyderabad regions) to ensure data sovereignty and low-latency performance. Network traffic is protected by Web Application Firewalls (WAF) and DDoS mitigation services.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Voice recordings and transcripts are encrypted with customer-specific keys. API communications use short-lived JWT tokens with automatic rotation.
We implement role-based access control (RBAC) with the principle of least privilege. All administrative access requires multi-factor authentication. Employee access to production systems is logged and audited regularly.
We conduct regular penetration testing and vulnerability assessments. Our development process includes automated security scanning in CI/CD pipelines. We maintain a responsible disclosure program for security researchers.
If you discover a security vulnerability, please report it responsibly to security@vaanilabs.in. We commit to acknowledging reports within 24 hours and providing updates within 72 hours.