Security & compliance

Security is the product.

cmplihr.ai is engineered for Indian enterprises handling sensitive statutory records. Data stays in India, tenants are isolated, and every action is auditable.

Data residency in India

All data — primary, replica and backup — stays within Indian regions.

  • India-located primary region
  • In-region backups
  • No cross-border processing

Tenant isolation

Every row, query and object is scoped by tenant ID — enforced at the data layer.

  • Row-level security
  • Tenant-aware service context
  • Default-deny authorisation

Encryption

Envelope encryption with tenant-scoped keys and scheduled rotation.

  • AES-256 at rest
  • TLS 1.2+ in transit
  • KMS-managed data keys

RBAC / ABAC

Fine-grained roles per module, with attribute-based policies.

  • Least-privilege by default
  • SSO-ready (SAML / OIDC)
  • Just-in-time elevation

Audit log

Immutable and exportable, covering every user and system action.

  • Signed event log
  • Who, what, when, where
  • SIEM-ready export

Operational controls

Secure SDLC, isolated environments, change controls and external VAPT.

  • Environment separation
  • Peer code review
  • External VAPT on cadence

Architecture

How a request flows through the platform.

Every request crosses tenant-aware boundaries before reaching encrypted, in-region storage — with a signed audit trail and human sign-off on every consequential output.

data-flow · request → tenant-scoped store

  • User browser (inside customer estate) → TLS 1.2+ → Edge / WAF (HSTS · CSP · rate-limit) → mTLS → App tier (tenant-aware context)
  • India region · primary, replica, backup
  • KMS (tenant-scoped DEKs) → envelope → Encrypted store (AES-256 at rest · RLS) → streamed → In-region backup (point-in-time recovery)
  • Signed audit log (immutable · SIEM-ready export)
  • Reviewer sign-off (human-in-the-loop on every output)

All boundaries enforce default-deny authorisation.
Customer data is never used to train third-party models.
Every action is signed: who, what, when, where.

Posture & certifications

Certifications on roadmap. Statutory alignment, today.

cmplihr.ai is designed against recognised information-security frameworks. Certifications are in active build; statutory alignment is operational today.

  • ISO/IEC 27001: ISMS in active build
  • SOC 2 Type II: Designed against TSC
  • DPDP Act, 2023: Aligned today
  • External VAPT: On a defined cadence