Compliance and security
This page explains what ManaSmurti does to protect your data and the compliance standards we hold ourselves to.
Digital Personal Data Protection Act, 2023
ManaSmurti operates as a Data Fiduciary under the DPDP Act, 2023. The controls we implement today, verifiable in our codebase and in our privacy policy:
Appointed Grievance Officer
A named Grievance Officer reachable at grievance@manasmurti.com, with published response and resolution timelines.
Encryption at rest
All conversation content, user emails, API keys, and sensitive personal data are encrypted using AES-256-GCM before being written to the database.
Encryption in transit
All traffic between users and the ManaSmurti platform is encrypted with TLS 1.2 or higher. No plain-text HTTP endpoints.
Consent flows
Clear, affirmative consent at registration, at first corporate login (bill of rights), and on significant policy changes. Every consent is timestamped and version-stamped.
Data subject rights
Users can access, correct, port, erase, and withdraw consent through in-product controls or by contacting the Grievance Officer. Corporate users can also ask how often their cohort has been queried by their HR team.
Breach notification commitment
We commit to notifying affected users and the Data Protection Board of India in the event of any personal data breach, as required by the DPDP Act.
Anonymise-on-delete
When a user deletes their account, personal data is removed and feedback signals are anonymised so they cannot be traced back to any individual.
Data hosted in India
Primary storage is on AWS Mumbai (ap-south-1). Cross-border transfers are limited, disclosed in our privacy policy, and comply with DPDP Act provisions.
Corporate data processing
If your organisation uses ManaSmurti for Teams, a dedicated Data Processing Agreement governs how employee data is handled. It covers HR visibility limits, subprocessor disclosures, employee rights, cancellation handling, and prohibitions on re-identification and retaliation.
Security contact
If you believe you have found a security vulnerability in ManaSmurti, please email security@manasmurti.com. Please give us a reasonable amount of time to respond and to fix the issue before publishing any details. We will acknowledge receipt within 48 hours and keep you updated on our progress. We currently do not run a formal bug bounty programme, but we are genuinely grateful for responsible disclosure.
For general privacy or data-protection questions, use the Grievance Officer contact at grievance@manasmurti.com.