Compliance

Compliance is built in. Not bolted on.

Autroid is engineered for Indian and international regulatory requirements — DPDP Act compliant architecture, GDPR-aligned processing, statutory GST compliance, and SOC 2 Type II readiness.

DPDP Act Compliant
India Data Residency
SOC 2 Type II Readiness

Regulatory Coverage

Built for regulatory readiness.

From India's data protection law to statutory tax filings, the regulations that govern your business are addressed at the platform level.

Compliant

DPDP Act (India)

India's Digital Personal Data Protection Act — compliant architecture with consent-aware data processing and no cross-border transfers without consent.

Aligned

GDPR

Data processing practices aligned with the EU General Data Protection Regulation — access, correction, erasure, and portability rights honored.

Built-in

GST & E-Invoice

Statutory tax compliance built into the platform — GST-compliant invoicing with E-Invoice and E-Way Bill support across every plan.

Readiness

SOC 2 Type II

Organizational controls for security, availability, and confidentiality — operating under a SOC 2 Type II readiness framework.

Data Rights

Your data. Your rights.

Access, correction, erasure, portability — your rights under the DPDP Act and GDPR-aligned practice are operational, not aspirational.

Export anytime

Request your business data in a structured, machine-readable format (CSV/JSON). Data export functionality is provided within the platform.

30-day post-cancellation window

After your subscription ends, you have 30 days to request a full data export before organizational data may be permanently deleted.

Deletion requests

Request erasure of your personal data, subject to legal retention requirements — financial records may be retained up to 7 years under Indian GST regulations and the Companies Act, 2013.

Audit & Traceability

Every action. On the record.

Auditability is a first-class property of the platform — from financial postings to user permissions, there is always a trail.

Immutable ledger

Financial transactions use atomic, idempotent writes, and stock movements are recorded in an immutable ledger with audit trails.

Complete audit trail

Every user action is captured in a complete audit trail — combined with module-level RBAC and MFA support, accountability is enforced end to end.

Data Residency

India-first. Mumbai region.

All customer data is stored exclusively in the AWS Mumbai (ap-south-1) region. Autroid is designed for Indian businesses with Indian compliance requirements — your data stays in India, governed by Indian law.

All data stored in AWS Mumbai (ap-south-1)
No cross-border data transfers without consent
Daily automated encrypted backups
Multi-tenant isolation by business ID
Mumbai, India

FAQ

Compliance questions, answered.

Is Autroid compliant with India's DPDP Act?

Yes. Autroid is built on a DPDP Act compliant architecture — all customer data is stored in the AWS Mumbai (ap-south-1) region, processed under Indian law, and never transferred cross-border without consent.

Is Autroid SOC 2 certified?

Autroid operates under a SOC 2 Type II readiness framework covering security, availability, and confidentiality controls. We describe this as readiness — not certification — and will update this page as the program progresses.

Where is my data stored?

All customer data is stored exclusively in the AWS Mumbai (ap-south-1) region with daily automated encrypted backups. Your data stays in India, governed by Indian law.

How is my data protected?

Data is encrypted with AES-256 at rest and TLS 1.2+ in transit (HTTPS-only). Access is governed by module-level role-based access control with multi-factor authentication support, and every user action is recorded in a complete audit trail.

Can I export or delete my data?

Yes. You can request your business data in CSV/JSON format at any time, and you have a 30-day export window after cancellation. Deletion requests are honored subject to legal retention requirements, such as the 7-year retention of financial records under Indian GST regulations.

What happens if there is a security incident?

A structured incident response protocol applies: automated monitoring detects anomalies, affected systems are isolated within 30 minutes of detection, and affected users and regulators are notified within 72 hours as required by law, followed by root cause analysis and remediation.

Need the full picture?

Compliance is one half of trust. Review our complete security posture, or talk to our team about your regulatory requirements in detail.