Security

Government-grade security, by default.

NeuDocIQ processes sensitive government and enterprise documents. Our security architecture is designed for the strictest requirements — not as an upgrade tier, but as the baseline for every deployment.

Security architecture

End-to-end protection at every layer

Data Encryption

  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Encrypted document storage with per-tenant keys
  • Key management with customer-managed key (CMK) option for enterprise

Deployment Options

  • SaaS cloud deployment (Mumbai region)
  • On-premise deployment within your data centre
  • Air-gapped deployments for classified government environments
  • Hybrid deployment with isolated processing nodes

Access Control

  • Role-based access control (RBAC) with fine-grained permissions
  • SSO / SAML 2.0 integration for enterprise identity providers
  • Multi-factor authentication (MFA) enforcement
  • Session management with configurable timeout policies

Audit & Compliance

  • Immutable audit trail for every document and API call
  • Tamper-evident logs for compliance and regulatory review
  • Configurable log retention (90 days to indefinite)
  • Export-ready audit reports in PDF and JSON

Network Security

  • IP allowlisting for API access
  • Private VPC deployments with no public ingress
  • DDoS protection and rate limiting at the API gateway
  • mTLS support for service-to-service authentication

Vulnerability Management

  • Regular VAPT (Vulnerability Assessment and Penetration Testing)
  • Dependency scanning and automated CVE monitoring
  • Responsible disclosure policy for security researchers
  • Patch SLA: Critical — 24 hours; High — 7 days

Data handling

Your documents stay yours.

Documents submitted to NeuDocIQ are processed and then discarded — we do not retain document content beyond the processing window unless your configuration explicitly enables storage.

For enterprise and on-premise deployments, documents never leave your infrastructure. The NeuDocIQ processing engine runs entirely within your network boundary.

We do not use customer document data to train or improve our models. Extracted data and metadata belong to you and can be purged on demand via the API.

  • Document retention: Processing window only (configurable)
  • Training data use: Never — customer data is never used for training
  • Data residency: India (AWS Mumbai) for cloud; your infra for on-prem
  • Data deletion: On-demand via API or dashboard, within 24 hours
  • Sub-processors: Listed and contractually bound

Compliance

Certifications and standards

  • DPDP Act 2023 Compliant: India's Digital Personal Data Protection Act (Status: Active)
  • Data residency — India: All cloud data stored in AWS Mumbai (ap-south-1) (Status: Active)
  • On-premise / air-gapped: Available for government and classified deployments (Status: Active)
  • SOC 2 Type II: Certification in progress — expected 2026 (Status: In progress)
  • ISO 27001: Certification in progress — expected 2026 (Status: In progress)

Need a security review?

We work with enterprise security teams to complete vendor assessments, share penetration test reports, and configure deployments to meet your specific security requirements.