PramaanDPDP Live
Log inGet Verified
Help Center
Trust and DPDP

Security and India-region data

PRAMAAN handles verification data with sensitive-field minimization, redacted support handling, audit trails, and India-region infrastructure where applicable to the current architecture and policies.

2026-05-25
7 min
Security reviewers, buyers, and privacy teams
Compliance
India-region where applicableSensitive data minimizationRedacted supportAudit logs
Key takeaways
  • Do not make absolute data-residency claims unless the current policy explicitly supports them.
  • Do not claim ISO or SOC 2 certification unless certification is live.
  • Keep Aadhaar, PAN, OTPs, and raw documents out of chat and support text.
  • Enterprise reviewers should use trust, legal, and human handoff routes.

Overview

India-region infrastructure

Use the careful published wording: India-region infrastructure where applicable.

Sensitive data minimization

Avoid unnecessary capture and exposure of raw documents or identifiers.

Redacted support

Support should use references and masked evidence rather than raw identity secrets.

Audit logs

Operational records help trace access, changes, and escalation without exposing unnecessary PII.

DSR routes

Data-rights requests should use formal routes.

Trust center links

Security, privacy, DPO, DSR, grievance, and sub-processor pages support review.

Data flow at a high level

  1. 1User or subject enters a guided verification flow.
  2. 2Consent is captured for a stated purpose.
  3. 3Verification processing runs through controlled product or partner paths.
  4. 4Results are shown in dashboard, hosted page, or API surfaces as permitted.
  5. 5Support views should use redaction and references.
  6. 6DSR or grievance routes remain available.

What is kept out of chat

  • Aadhaar
  • PAN
  • OTPs
  • Raw documents
  • Full passport numbers
  • Sensitive screenshots

Enterprise review routes

Trust center

Review trust posture and public pages.

DPA

Review data-processing terms where applicable.

Sub-processors

Review downstream vendor page.

DPO

Escalate privacy questions.

Status

Review current system status.

Changelog

Review developer-facing changes.

Frequently asked questions

Where is PRAMAAN data hosted?

Use the careful published wording: PRAMAAN uses India-region infrastructure where applicable to the current architecture and policies.

Does support see raw documents?

Support should use references and redacted evidence. Raw documents should not be pasted into support chat or free-text fields.

What is redacted?

Sensitive identifiers such as Aadhaar, PAN, OTPs, raw documents, full passport numbers, and sensitive screenshots should be minimized or masked.

How are audit logs used?

Audit logs help trace actions, access, and support handling while avoiding unnecessary personal-data exposure.

Does PRAMAAN have ISO or SOC 2?

Do not treat roadmap targets or review concepts as live certifications. Use public trust pages for current status.

How do I report a vulnerability?

Use the trust or contact route with a safe summary and reproduction details that avoid unnecessary personal data.

Glossary terms

India-region StoragePII RedactionAudit LogSOC 2Pen TestSub-processor
Human handoff

When to talk to a human

Use human handoff for enterprise security reviews, vulnerability reports, DPA questions, or unclear data-residency requirements.

Talk to a humanSearch help first
DSR route

Use formal routes for data rights

Access, correction, erasure, nomination, consent withdrawal, and grievance requests should use DSR, DPO, or grievance pages so scope and handling are tracked.

Start DSR requestFile grievance

Was this helpful?

Feedback helps PRAMAAN improve support answers without collecting raw identity data.

Move safely from answer to action

Use the route that matches the sensitivity of your case. Keep raw documents out of support messages unless a controlled workflow asks for them.

Open trust centerStart DSR requestTalk to a human