Skip to content

Trust & compliance

Compliance & security

NRD is designed from the ground up for the regulatory environment that Indian insurers operate in. What follows is not a checklist — it is how the system is built.

Built for a regulated buyer

India-resident · audit-logged · isolated

Data stays in India

All claimant data processed and stored in ap-south-1 (Mumbai). Consent manager, retention TTLs, 72-hour breach workflow.

DPDPA 2023

CERT-In aligned

180-day log retention, 6-hour incident reporting, NTP-synced clocks, continuous monitoring.

CERT-In 2022

Encrypted per-tenant

AES-256 at rest via customer-managed KMS keys. Immutable audit archive on Object-Lock (WORM).

KMS · WORM

Hard tenant isolation

Your claim file never touches another insurer's tenant. Lanes stay separate — enforced, not promised.

per-insurer

Chain of custody

Every retrieved document carries a tamper-evident, timestamped, court-ready certificate.

BSA S.63
DPDPA 2023

Digital Personal Data Protection Act

India's DPDPA 2023 requires that personal data be processed lawfully, for a specified purpose, and kept only as long as necessary. NRD is built around these obligations.

  • Data residency — ap-south-1

    All claimant personal data is stored and processed in the AWS Mumbai region (ap-south-1). No personal data crosses India's border.

  • Consent management

    Consent is captured at intake and associated with each data subject record. Purpose is declared at collection and cannot be changed without fresh consent.

  • Retention TTLs

    Active claim records are retained for 7 years (standard limitation period). Data marked for deletion is purged on schedule with a logged audit trail.

  • 72-hour breach workflow

    If a breach is detected, a structured incident workflow begins immediately. The DPDPA-required notification is dispatched within 72 hours of confirmation.

CERT-In 2022

CERT-In Directions

India's Computer Emergency Response Team directions (April 2022) require organisations to maintain logs, report incidents and keep clocks synchronised. NRD meets these requirements operationally, not by policy alone.

  • 180-day log retention

    API access logs, CloudTrail events, Lambda invocation logs and VPC flow logs are retained for a minimum of 180 days in tamper-evident storage.

  • 6-hour incident reporting

    Any qualifying security incident triggers the CERT-In reporting workflow. The 6-hour reporting clock is tracked automatically from detection.

  • NTP-synchronised clocks

    All infrastructure is synchronised to an authoritative NTP source. Timestamps in evidence certificates, audit logs and chain-of-custody records are reliable.

  • Continuous monitoring

    CloudWatch alarms, GuardDuty and structured log analysis run continuously. Anomalies alert an on-call engineer within minutes.

Encryption & immutability

KMS encryption + WORM audit archive

Data at rest is encrypted with AES-256 using customer-managed KMS keys. Each insurer tenant has its own key. The audit archive uses S3 Object Lock (WORM) so records cannot be altered or deleted once written.

AES-256

Encryption at rest

Every object in every S3 bucket is encrypted with a per-tenant customer-managed KMS key.

WORM

Immutable audit archive

S3 Object Lock in compliance mode prevents deletion or overwrite of audit records for the retention period.

TLS 1.3

Encryption in transit

All connections between client, CDN and origin enforce TLS 1.3. Older protocol versions are rejected.

Isolation

Per-insurer hard isolation + lane partition

NRD enforces per-insurer hard tenant isolation so one insurer's claim data is never readable by another. Insurer and lawyer lanes are also kept strictly separate — they share a network only at the point of official disclosure.

  • Separate KMS keys per tenant

    An insurer's KMS key cannot decrypt another tenant's data, even if the same Lambda function handles both.

  • DynamoDB row-level isolation

    Every DynamoDB record carries an insurer-tenant partition key. IAM conditions prevent cross-tenant reads at the API level.

  • S3 prefix isolation

    Each insurer's documents live under a dedicated S3 prefix with bucket policies that block cross-tenant access.

  • Lane partition

    Insurer and lawyer workflows use separate API routes, separate data models and separate IAM roles. They converge only via explicit, logged disclosure events.

Every document, provably itself.

From the moment a record is retrieved, NRD hashes it, timestamps it, and locks it. If a single byte changes, the certificate breaks. You can hand it to a tribunal and prove it is the original — admissible under the Bharatiya Sakshya Adhiniyam, Section 63.

Verifiable · timestamped · locked 7 years
Retrieved
Hashed
Sealed
documentCLM-20413_FIR.pdf
sha-256a1f3…9e2c
sealed2026-05-22 14:08 IST
status✓ verified · locked
Sub-processors

Sub-processor list

NRD uses a small, fixed list of sub-processors. All personal data processing by sub-processors is governed by a Data Processing Agreement and, where applicable, is restricted to ap-south-1.

Sub-processor Purpose Location Personal data
Amazon Web Services (AWS) Compute, storage, database, KMS, SES, CloudTrail ap-south-1 (Mumbai) Yes — primary processor
AWS Bedrock (Amazon Nova) Structured extraction and evidence summarisation ap-south-1 / us-east-1 (inference profile) Yes — claim documents
Google Fonts (CDN) Font delivery for the marketing website only Global CDN IP address (log-free mode)
Twilio / WhatsApp Business API Lawyer intake channel (record requests) India edge Phone number, message text

Sub-processor list last updated 2026-05-22. Changes are notified to customers with 30 days' notice.

Need a full security overview for your InfoSec team? Security overview available on request — contact us.

Talk to us about your compliance requirements.

We'll walk your InfoSec and legal teams through the architecture.

Request a pilot