SECURITY & COMPLIANCE

Your workforce data never leaves your environment. That is the architecture.

Siwaan is built local-first by design. Every model runs inside your infrastructure. No cloud egress. No third-party APIs. No data ever transmitted to Siwaan servers.

SOC 2 Type II Audited GDPR & DPDP Compliant Zero Cloud Data Transfer
ZERO-EGRESS AGENT

The only AI platform with true on-premise inference

Most HR tech requires exporting sensitive data to external AI clouds. Siwaan runs Qwen2 LLM, spaCy NLP pipeline, and Sentence-Transformer embedding sets locally on your own CPU/GPU nodes.

The local agent syncs directly with your HRMS database. The only network call made to Siwaan cloud servers is for basic subscription state and user dashboard settings metadata — never raw employee logs.

LOCAL CONTAINER AGENT FLOWSecure Instance
1HRMS/Database Sync (Local DB Read)
2Local NLP Extraction (WSR & Survey text parsed by spaCy)
3Local Inference (Qwen2 and SHAP weights calculated in CPU container)
4Local Dashboard Render (Only configuration metadata sent to Siwaan Cloud)
* Zero plain-text payroll exits the perimeterVerified Compliant
SECURITY CONTROLS

Enterprise security controls built-in

SOC 2 Type II Audited

Independent audit of our security control design, operation, and operational safety. Report and trust package is available to enterprise clients under standard NDA.

GDPR & DPDP Compliance

Fully compliant with the European Union GDPR and India's DPDP Act 2023. Granular mechanisms allow complete deletion of employee records directly from local nodes.

Encryption by Customer Keys

All persistent metadata data in the dashboard is encrypted with customer-managed keys (CMK) at rest (AES-256) and in transit (TLS 1.3). We never hold raw master keys.

Granular RBAC Audit Logs

Enforce strict role-based access controls across the platform. Scoped roles separate Admins, HRBPs, and Managers, with fully auditable access logs logged to local storage.

RESPONSIBLE DISCLOSURE

Security Vulnerability Response

We take security seriously. If you discover a vulnerability or leak in any of our packages, please contact our response team immediately at security@siwaan.com. We acknowledge receipt within 24 hours and patch high-severity CVEs within 7 days.

Request our SOC 2 Report & Questionnaire

Our detailed security architecture documents and standard CAIQ security questionnaires are ready for your security evaluation team.