TrueSecurixTrueSecurix
Compliance

Compliance and data residency

This page summarises how TrueSecurix handles data and where our compliance posture stands, so your compliance and legal teams can evaluate us quickly. We describe only what is true today and mark clearly anything we are still building toward.

Data residency

The Service runs on infrastructure hosted in India (Microsoft Azure, India region). Verification traffic is processed in India. Data is not transferred out of India for processing in the normal course of the Service.

Data minimisation: we do not keep your users' images

Selfies, ID images and statement PDFs submitted for a check are analysed in memory and are never written to disk as files. For each input we retain only a one-way SHA-256 hash plus the score and decision, so a customer can later prove which exact file produced a given verdict without us holding the file itself. Raw government ID numbers are not stored; document figures used in reconciliation are rounded so an exact private amount is not retained.

India DPDP Act, 2023

Our practices are aligned with the Digital Personal Data Protection Act, 2023. In an engagement we act as a data processor on behalf of the customer (the data fiduciary):

RBI KYC directions

TrueSecurix is a fraud-detection and forensics layer that supports a regulated entity's own KYC and Video-based Customer Identification Process (V-CIP). It is designed to strengthen a regulated entity's onboarding by catching deepfake selfies, tampered documents and injection attempts. It is not itself a substitute for the regulated entity's KYC obligations, government-source verification (for example UIDAI or NSDL), or record-keeping duties, which remain with the regulated entity. Processing in India supports data-localisation expectations for such data.

Your data rights, built in

RightHow to exercise it
Access / export your dataSelf-serve export from the dashboard, or on request.
Delete your account and dataSelf-serve account deletion from the dashboard.
Data Processing AgreementAvailable on request at contact@truesecurix.com.
Sub-processor listPublished on the Security page.

What we do not claim

We do not currently hold SOC 2 or ISO/IEC 27001 certification, and we do not claim to. We are building toward independent certification and are glad to share our security controls and complete your questionnaire in the meantime. A third-party vulnerability assessment and penetration test (VAPT) can be arranged and shared under NDA.

Questions for your compliance team? Write to contact@truesecurix.com.