Skip to content
Ektasi.
Trust Center

Security enforced in code, not just in a policy PDF.

Every control below is implemented in the platform and exercised by tests — not a promise we ask you to trust. Here is exactly how your data is isolated, encrypted, audited, and, when the time comes, destroyed.

Access & identity

Role-based access control

Granular RBAC governs what every role can see and do across the platform.

Just-in-time elevation

Privileged access is granted on request, time-boxed, and logged — not left standing.

TOTP two-factor

Standards-based TOTP 2FA protects accounts, with enforcement options for admins.

OIDC single sign-on

Act as an OIDC issuer so teams can sign in with a central identity.

Data protection

Per-tenant AES vault

Secrets encrypted with AES-256-GCM using per-tenant, HKDF-derived keys; the derived key is never stored.

Row-level isolation

PostgreSQL row-level security prevents one tenant’s query from reaching another tenant’s data.

Data residency in India

Deploy on Indian infrastructure so personal data stays within the country by design.

Cryptographic erasure

Decommissioning destroys the per-tenant salt, making that tenant’s ciphertext — including backups — permanently unreadable.

Accountability & resilience

Append-only audit ledger

A database-enforced, append-only trail records every sensitive action for forensic review.

Per-tenant kill-switches

Lock or decommission a tenant instantly if something goes wrong.

Backups & restore

Scheduled backups with a documented restore path keep data recoverable.

Self-hosted observability

Error and usage telemetry can run on your own stack, not a third party’s.

System map · Trust Center
Trust Centerone postureAccess & identityData protectionAccountability &resilience
Compliance posture

Honest about where we are.

DPDP readiness. The platform is built to be DPDP-ready by architecture — India data residency, per-tenant encryption, row-level isolation, and an immutable audit ledger. Compliance is a shared responsibility that also depends on how you deploy and operate it.

SOC 2. We operate against SOC 2-aligned controls and maintain internal control playbooks. We will publish attestation status here as it progresses.

Sub-processors & data flows. When you self-host, third-party processors can be reduced to those you choose. A current sub-processor list is available on request.

Proof, not claims

We run our own business — billing, support, and a production license server — on this platform. Uptime is public.

Send us your security questionnaire.

We would rather answer hard questions than dodge them. Request a security review and we will walk your team through the architecture.