SECURITY & COMPLIANCE

Your documents, processed and purged.

Encryption everywhere, API-key access, regional processing, and automatic purge after processing — engineered to support GDPR, UK GDPR, India's DPDP Act, and POPIA for customers worldwide.

HOW WE PROTECT YOUR DATA

Security built into every request

Encryption everywhere

TLS 1.3 in transit and AES-256 at rest. API requests are authenticated with secret keys you control and can rotate.

Auto-purge after processing

Submitted documents are processed transiently and purged automatically once your result is returned. We do not retain Customer Content or use it to train models.

Regional processing

Documents are processed on GCP Mumbai for India and Johannesburg for Africa / ME, so data stays within the customer's region. Enterprise can request specific regions.

Access control

Per-organisation API keys, scoped access, and audit-friendly request logging. Enterprise adds SSO and advanced controls.

Resilient & monitored

99.5% uptime SLA with monitoring and alerting. Enterprise deployments add high availability, custom RTO/RPO, and on-premise options. [PLACEHOLDER: hosting/cert detail]

Data minimisation

We process only what is needed to fulfil the request and return structured output — no long-term document storage on pay-as-you-go.

REGULATORY ALIGNMENT

Designed for global data-protection law

Abscode Document AI is built to help you meet your obligations. Certifications held by Abscode are listed below.

GDPR & UK GDPR

DPA with Standard Contractual Clauses (and UK Addendum) for transfers to India, support for data-subject rights, and breach notification. Abscode has no EU/UK establishment; an Article 27 representative is appointed where required. [PLACEHOLDER]

DPDP Act 2023 (India)

Notice-and-consent handling, purpose limitation, and support for Data Principal rights under India's Digital Personal Data Protection Act.

POPIA (South Africa)

Processing aligned to POPIA's lawful-processing conditions, with operator agreements and data-subject request support, processed on Africa-region infrastructure.

Certifications

[PLACEHOLDER: list any certifications Abscode itself holds, e.g. ISO 27001 / SOC 2, and target dates.]

Sub-processors

We use a small number of vetted sub-processors under data-protection contracts: cloud hosting (Google Cloud — Mumbai and Johannesburg) and payment processing (Razorpay for India, Stripe globally). A current list is available on request.

Data Processing Agreement (DPA)

A DPA — including SCCs for international transfers — is available to customers. Request it at privacy@abscode.com.

Report a vulnerability

We welcome responsible disclosure. Email security@abscode.com [PLACEHOLDER: confirm security inbox] and please do not publicly disclose until we have responded. For confirmed personal-data breaches we notify affected customers and authorities within the timelines required by GDPR, DPDP, and POPIA.

Read our Privacy Policy