Trust Center

Security & Compliance

Name: Aditya Labs AI Agent Platform
Author: Aditya Labs

Aditya Labs is built on trusted, certified infrastructure. Your data is encrypted, protected, and never used for AI training.

Data Processing Agreement Privacy Policy Security Policy System Status

Compliance Certifications

GDPR

Designed For

Platform designed to support GDPR requirements (data rights, DPA, breach notification). Not independently audited.

Since: 2024

EU AI Act

Designed For

AI transparency and disclosure built in. Limited-risk classification. Not independently audited.

Since: 2025

CCPA / CPRA

Designed For

Platform supports CCPA/CPRA rights (access, deletion, no data sale). Not independently audited.

Since: 2024

PCI DSS

Via Stripe

Payment processing handled entirely by Stripe (PCI DSS Level 1 certified). Aditya Labs does not store card data.

Since: N/A

SOC 2 Type II

In Progress

Service Organization Control audit — targeting Q3 2026 completion

Since: 2026 Q3

ISO 27001

Planned

Information security management system — roadmap item

Since: 2026 Q4

HIPAA

Not Certified

Platform is not HIPAA certified and we do not sign BAAs. Our dental product avoids storing PHI.

Since: N/A

ISO 42001

Planned

AI management system — roadmap item aligned with EU AI Act principles

Since: 2027

Security Practices

Data Encryption

✓AES-256 encryption at rest via Supabase (AWS)
✓TLS 1.3 for all data in transit via Vercel
✓Database-level encryption managed by Supabase
✓Automated backups via Supabase

Access Control

✓Role-based access control (RBAC) for dashboard users
✓Google OAuth authentication via Supabase Auth
✓API key management
✓Session management with automatic timeout

Infrastructure

✓Hosted on Vercel Edge Network (AWS-backed)
✓Supabase PostgreSQL with Row Level Security
✓DDoS protection via Vercel/Cloudflare
✓Infrastructure uptime backed by Vercel and Supabase SLAs

AI Safety

✓Built-in PII Firewall — detects and redacts 13+ sensitive data patterns
✓Data Loss Prevention (DLP) engine for real-time scanning
✓AI disclosure in all chatbot conversations (EU AI Act transparency)
✓Knowledge-base-grounded responses to reduce hallucination
✓Jailbreak and prompt injection detection

Monitoring & Incident Response

✓Automated infrastructure monitoring via Vercel and Supabase
✓Audit logs for data access and modifications
✓Breach notification within 72 hours (GDPR Article 33)
✓Incident response procedures documented

Data Privacy

✓Data hosted in US (Supabase/AWS). EU residency planned.
✓Right to deletion / data portability supported
✓Data processing agreements (DPA) available on request
✓No training on customer data — your data stays yours
✓90-day chat data retention with auto-purge

SOC 2 Type II Roadmap

We are actively pursuing SOC 2 Type II certification. Here is our timeline.

Phase 1: Internal Assessment

In ProgressQ1-Q2 2026

Identifying control gaps and documenting security policies.

Phase 2: Control Implementation

PlannedQ2-Q3 2026

Implementing required security controls, policies, and procedures.

Phase 3: Readiness Assessment

PlannedQ3 2026

Pre-audit review with external auditor to validate readiness.

Phase 4: Audit Period

PlannedQ4 2026

3-6 month observation period by certified auditor.

Phase 5: Report Issuance

Planned2027

SOC 2 Type II report issued and available to enterprise customers.

Sub-processors

Provider	Purpose	Location
Vercel	Application hosting and edge network	US / Global CDN
Supabase	Database, authentication, real-time subscriptions	US (AWS)
OpenAI	AI model provider for chatbot responses	US
Stripe	Payment processing and billing	US / EU
Resend	Transactional email delivery	US
Twilio	SMS and WhatsApp message delivery	US / Global
Meta (Facebook)	Instagram DM and Messenger APIs	US / EU
Telegram	Telegram Bot API	Global

Security Questions?

Our security team is happy to answer questions, provide documentation, or discuss your specific compliance requirements.

Contact Security Team Download DPA

Compliance Certifications

GDPR

Designed For

Platform designed to support GDPR requirements (data rights, DPA, breach notification). Not independently audited.

Since: 2024

EU AI Act

Designed For

AI transparency and disclosure built in. Limited-risk classification. Not independently audited.

Since: 2025

CCPA / CPRA

Designed For

Platform supports CCPA/CPRA rights (access, deletion, no data sale). Not independently audited.

Since: 2024

PCI DSS

Via Stripe

Payment processing handled entirely by Stripe (PCI DSS Level 1 certified). Aditya Labs does not store card data.

Since: N/A

SOC 2 Type II

In Progress

Service Organization Control audit — targeting Q3 2026 completion

Since: 2026 Q3

ISO 27001

Planned

Information security management system — roadmap item

Since: 2026 Q4

HIPAA

Not Certified

Platform is not HIPAA certified and we do not sign BAAs. Our dental product avoids storing PHI.

Since: N/A

ISO 42001

Planned

AI management system — roadmap item aligned with EU AI Act principles

Since: 2027

Security Practices

Data Encryption

✓AES-256 encryption at rest via Supabase (AWS)
✓TLS 1.3 for all data in transit via Vercel
✓Database-level encryption managed by Supabase
✓Automated backups via Supabase

Access Control

✓Role-based access control (RBAC) for dashboard users
✓Google OAuth authentication via Supabase Auth
✓API key management
✓Session management with automatic timeout

Infrastructure

✓Hosted on Vercel Edge Network (AWS-backed)
✓Supabase PostgreSQL with Row Level Security
✓DDoS protection via Vercel/Cloudflare
✓Infrastructure uptime backed by Vercel and Supabase SLAs

AI Safety

✓Built-in PII Firewall — detects and redacts 13+ sensitive data patterns
✓Data Loss Prevention (DLP) engine for real-time scanning
✓AI disclosure in all chatbot conversations (EU AI Act transparency)
✓Knowledge-base-grounded responses to reduce hallucination
✓Jailbreak and prompt injection detection

Monitoring & Incident Response

✓Automated infrastructure monitoring via Vercel and Supabase
✓Audit logs for data access and modifications
✓Breach notification within 72 hours (GDPR Article 33)
✓Incident response procedures documented

Data Privacy

✓Data hosted in US (Supabase/AWS). EU residency planned.
✓Right to deletion / data portability supported
✓Data processing agreements (DPA) available on request
✓No training on customer data — your data stays yours
✓90-day chat data retention with auto-purge

SOC 2 Type II Roadmap

We are actively pursuing SOC 2 Type II certification. Here is our timeline.

Phase 1: Internal Assessment

In ProgressQ1-Q2 2026

Identifying control gaps and documenting security policies.

Phase 2: Control Implementation

PlannedQ2-Q3 2026

Implementing required security controls, policies, and procedures.

Phase 3: Readiness Assessment

PlannedQ3 2026

Pre-audit review with external auditor to validate readiness.

Phase 4: Audit Period

PlannedQ4 2026

3-6 month observation period by certified auditor.

Phase 5: Report Issuance

Planned2027

SOC 2 Type II report issued and available to enterprise customers.

Sub-processors

Provider	Purpose	Location
Vercel	Application hosting and edge network	US / Global CDN
Supabase	Database, authentication, real-time subscriptions	US (AWS)
OpenAI	AI model provider for chatbot responses	US
Stripe	Payment processing and billing	US / EU
Resend	Transactional email delivery	US
Twilio	SMS and WhatsApp message delivery	US / Global
Meta (Facebook)	Instagram DM and Messenger APIs	US / EU
Telegram	Telegram Bot API	Global