Architecture & Trust
What your CISO needs to see.
What your examiner needs to read.
Full technical architecture, defence-in-depth layers, RBI FREE-AI control mapping, and honest certification status. No marketing. No vague assurances.
The architecture in four numbers.
Eight independent security guarantees.
Each layer operates independently. A failure at one does not cascade to the next — and each guarantee is verifiable by your security team.
| Layer | Name | How it works | What it guarantees |
|---|---|---|---|
| L1 | Transport | TLS 1.3 enforced on all connections; HSTS preloaded | No plaintext data in transit — ever |
| L2 | Identity & session | Phishing-resistant authentication, short-lived tokens, sessions bound to tenant context | Identity verified before any resource is touched |
| L3 | Request authorisation | Every API call validated against tenant context before execution reaches the data layer | No request proceeds without an explicit authorisation check |
| L4 | Least privilege | Database connection demoted to minimum-required role per request; superuser access structurally unavailable to the application | Application code cannot exceed its declared permissions |
| L5 | Storage isolation | Row-level policy enforced at the database engine — not the application — with both read and write guards | Tenant A data is unreachable from Tenant B at the storage layer |
| L6 | Search isolation | Document retrieval scoped to tenant at the index layer before results are returned | No cross-tenant document leakage through search or retrieval |
| L7 | Encryption at rest | Per-tenant encryption keys; PII fields carry a second encryption pass independent of the primary store | A storage dump yields no readable customer data |
| L8 | Audit integrity | Append-only log with cryptographic chaining across every inference and data event; no record can be modified or deleted | Every action is permanently attributable and tamper-evident |
Security controls designed for AI, not retrofitted from the last decade.
AI systems introduce attack surfaces that traditional security frameworks weren't built for. These controls address each one directly.
| Control | Implementation |
|---|---|
| Hallucination mitigation | Answers grounded in retrieved context only; model surfaces uncertainty rather than inventing — every response cites the source it drew from |
| PII auto-redaction | Aadhaar, PAN, IFSC, GSTIN, UPI, mobile — detected and redacted before the model context window is assembled |
| Prompt isolation | User input is structurally separated from system instructions; role boundaries enforced at the prompt layer, not relying on model instruction-following alone |
| Model pinning | Model version locked per tenant tier; behaviour cannot change without an explicit upgrade decision and audit entry |
| Inference audit | Every prompt, retrieved context, and completion stored in an append-only, cryptographically chained audit log |
| Data residency enforcement | All inference routed within India — model calls, embeddings, retrieval — nothing crosses the geographic boundary |
| Spend controls | Per-tenant token budgets with hard limits; anomalous usage patterns trigger alerts before they become incidents |
| Human-in-the-loop | Credit decisions, compliance filings, and audit outputs require explicit human sign-off before any downstream action is taken |
Eight FREE-AI controls mapped to Anvax implementation.
RBI's FREE-AI framework defines governance requirements for AI in regulated financial entities. Here is how Anvax implements each.
| Ref | Control | Anvax implementation | Status |
|---|---|---|---|
| R7 | AI Use-Case Registry | Every AI use case catalogued with business purpose, data inputs, and risk classification — exportable for examiner review | Live |
| R8 | Board oversight docs | Board-level AI governance documentation synthesised automatically from the audit trail | Live |
| R15 | Periodic board reporting | Usage, incident, and risk summaries generated on a defined cadence for board-level visibility | Live |
| R17 | Model version governance | Every model version change logged with date, rationale, and approval; rollback is a single operation | Live |
| R18 | Human gate on high-risk | Credit decisions, compliance filings, and audit outputs require explicit human sign-off before execution | Live |
| R19 | Explainability by design | Every AI output cites the specific source document and retrieval context it drew from — not a post-hoc explanation layer | Live |
| R23 | Immutable inference trail | Cryptographically chained audit log across every inference event; no record can be modified or deleted after the fact | Live |
| R26 | Real-time LLM monitoring | Token usage, latency, error rates, and behavioural anomalies monitored continuously — not sampled | Live |
Architecture commitments your security team can hold us to.
Honest status. No vanity badges.
We list what is live, what is in progress, and when we expect to complete it. No checkmarks for certifications we haven't started.
India's data protection law, implemented by construction.
The Digital Personal Data Protection Act 2023 requires data minimisation, purpose limitation, and breach notification. Anvax satisfies all three at the platform level.
| DPDP requirement | Anvax implementation |
|---|---|
| Data minimisation | Only required fields ingested; PII auto-redacted before LLM context window |
| Purpose limitation | System prompts scoped per role; model cannot deviate from defined purpose |
| Consent record | Consent events logged to append-only audit_log with timestamp and session ID |
| Breach notification | Real-time anomaly detection; security team alert within 15 minutes of detection |
| Data fiduciary obligations | Customer retains ownership; Anvax is data processor; DPA available on request |
| Right to erasure | Tenant data deletion pipeline with cryptographic key destruction for DEK-encrypted fields |
Technical documentation for your security team.
Leave your work email and we'll send the documents directly. No sales call required for security review.
Security architecture brief
12-page PDF covering the full defence-in-depth stack, threat model, encryption architecture, and RBI FREE-AI control mapping. Suitable for CISO review and vendor security assessment.
Penetration test summary
Executive summary of the most recent third-party penetration test. Includes scope, methodology, findings classification, and remediation status. Available under NDA.