Document · v2026.05 Currently aligned

Security is our architecture, not our afterthought.

Last reviewed: 2026-Q2 · Next review: 2026-Q3

OwnAI runs on your hardware, in your server room. We can't see your data in production because we're not in the loop.

VERSIONv2026.05
LAST REVIEWED2026-Q2
NEXT REVIEW2026-Q3
OWNERRishi Tode · Founder & CEO
§2 · Data flow

Two phases, two threat models, two diagrams.

Training is ephemeral and cloud-bound. Production is steady-state and on-prem. The two never touch.

Panel A · Training phase EPHEMERAL · CLOUD

Your storage → TLS 1.3 upload → Reyatech-managed cloud GPU (encrypted volume) → fine-tuning → adapter export → TLS 1.3 download → your storage. Cloud volume destroyed within 7 days of adapter delivery. Certificate of destruction signed and emailed.

Training-phase data flow CUSTOMER storage/ Source docs SOPs · batch records storage/ Adapter file ~50–200 MB REYATECH CLOUD · EPHEMERAL runpod/a100-80g LoRA training Axolotl · DeepSpeed Encrypted volume Destroyed ≤ 7 days cert-of-destruction.pdf TLS 1.3 upload adapter
cert-of-destruction.pdf signed within 7 days

Panel B · Production phase STEADY-STATE · ON-PREM

Customer end-user → Customer LAN → Caddy (TLS) → LiteLLM → Ollama/vLLM (local model + adapter) → Langfuse (local audit) → response back to user. No outbound calls. Air-gap supported.

Production-phase request flow CUSTOMER LAN · AIR-GAP READY End user caddy/ TLS proxy litellm/ Gateway inference/ Ollama / vLLM + your adapter langfuse/ Audit log NO EGRESS
100% on-prem air-gap supported

In production, ZERO data leaves your building.

§3 · Compliance matrix

The load-bearing table.

Every claim maps to a regulation, a control, and an evidence artefact your auditor can request. Rows on amber are roadmap items; rows on white are currently aligned.

Compliance matrix · v2026.05 · regenerated quarterly
Regulation / Standard Requirement How OwnAI Satisfies It Evidence Artefact
DPDPA 2023§8
Processor obligations. On-prem deployment, customer-defined DPA, no cross-border transfer. signed-dpa.pdf · system-architecture.pdf
DPDPA Phase 3binding 13 May 2027
Notice, security, breach, retention, DPO, transfer. Configurable retention + on-prem logs + named DPO at customer. phase3-readiness-checklist.pdf
Schedule Mrevised 2024
ALCOA+ data integrity. NTP-disciplined log, immutable Langfuse, hash-anchored entries. alcoa-matrix.pdf
21 CFR Part 11§11.10
System access + audit trail. Keycloak RBAC + Langfuse log. access-control-report.pdf · log-sample.jsonl
21 CFR Part 11§11.30
Electronic signatures. Optional · integrated with customer CA / HSM. e-sig-configuration-spec.pdf
GAMP 5 / CSVCategory 4
Validation lifecycle. Frozen production model + IQ / OQ / PQ artefacts per release. validation-dossier-v{n}.pdf
RBI IT Outsourcing MD§11(g) · 10 Apr 2023
Source-code escrow. Day-1 escrow with neutral third party (e.g. NCC Group / Iron Mountain). escrow-agreement.pdf
RBI IT Outsourcing MD§16(m–o)
Audit rights. Walk-in audit on customer hardware. No vendor intermediation. audit-walk-in-runbook.pdf
RBI §17(8)6-hour incident reporting
6-hour customer incident reporting. On-prem Langfuse → customer SIEM webhook. No vendor in path. siem-integration-spec.pdf
RBI FREE-AIAug 2025 · consultative
Explainability · auditability · traceability. RAG citations + Langfuse + adapter version registry. free-ai-alignment-statement.pdf
ISO 27001roadmap
ISMS. Readiness assessment 2026-Q4 — tracked alongside SOC 2. iso27001-roadmap.pdf
SOC 2 Type IIroadmap
Trust services criteria. Readiness assessment 2026-Q4 · attestation target 2027-Q3. soc2-roadmap.pdf
§4 · Security controls

Six control families. One claim each.

Data Encryption
AES-256 at rest (Restic + LUKS where applicable). TLS 1.3 in transit — training phase only; production traffic stays on customer LAN.
Access Control
Keycloak RBAC · SAML / OIDC SSO federated to customer IdP · MFA required for any admin or model-refresh role.
Audit Logging
Every prompt/response logged to Langfuse on-prem. Log integrity validated via hash chain. No edit path in production.
Network Isolation
No outbound connections from production. Air-gap deployment supported on request — Caddy/Keycloak/Langfuse all bind to internal interfaces only.
Model Integrity
Frozen production models. Version-controlled adapters. Hash-pinned releases — runtime refuses to load anything outside the registry.
Backup & Recovery
Restic incremental encrypted backups. Tested restore procedure. RPO 24h default (configurable). RTO 4h default.
§5 · Vulnerability management

Patching cadence by severity, scanning on every release.

Dependency scanningevery release
CVE checks across all open-source components in the stack — Ollama, vLLM, LiteLLM, Qdrant, Langfuse, Keycloak, Caddy, Prometheus, Grafana, Restic.
Per release
Penetration testingannual + per major release
Annual third-party pen-test. Additional test after every major release change. Summary report shareable under NDA.
Annual + Δ
Responsible disclosureRFC 9116
PGP key published at /.well-known/security.txt. Disclosure inbox privacy@reyatech.com. SLA: acknowledgement within 24h.
/security.txt

Patching cadence

Normal severity
Monthly
Routine patches batched into the monthly cycle. Customer notified ahead of any production-impacting change.
High · CVSS ≥ 7.0
≤ 7 days
Out-of-band patch with change-control record. Customer notified before deploy.
CISA KEV · actively exploited
≤ 24 hours
Emergency patch with post-incident review. Notification to customer within the same window as the deploy.
§6 · Incident response

Detection on your hardware. Clock starts when your SIEM sees the event.

Detectionon-prem
Prometheus alerts on latency, error rate, resource anomalies. Langfuse anomalies — e.g. PII regex hits, unauthorised role access, prompt-rate spikes.
On your SIEM
Response SLAper AMC tier
Sev-1 / Sev-2 / Sev-3 thresholds defined per AMC tier; named on-call engineer during business hours.
AMC-defined
Customer notificationregulatory clocks
Inside the RBI §17(8) 6-hour window and the DPDPA 72-hour Significant Personal Data breach window. Both clocks start when your SIEM raises the alert.
6h / 72h
Vendor-out-of-loopby construction
Because the system runs on your infrastructure, your SIEM sees events first. The 6-hour clock is yours to manage — no offshore queue between event and reporting.
Your clock
§7 · BCP & DR

Recovery targets, defaults, and what's configurable.

RPOrecovery point objective
Default 24 hours. Configurable down to 1 hour with continuous-backup mode.
24h → 1h
RTOrecovery time objective
Default 4 hours. Configurable down to 1 hour with HA hardware (spare GPU node hot-standby).
4h → 1h
Off-site backupcustomer-designated target
Restic to customer-designated target — S3-compatible object store, NFS, or removable media. Encrypted at source; key escrow at customer.
Restic
Adapter portabilityno vendor lock-in
Adapter file is portable. A replacement box brings production back once hardware is available — base model + adapter + Qdrant snapshot = full restore.
Portable
Annual DR drillscope included
Drill scope and report included in AMC Enterprise tier. Documented walkthrough with failover, restore, and integrity-check artefacts.
AMC Enterprise
§8 · Licensing transparency

Apache 2.0 and MIT base models only.

No Llama licence flow-down. No Mistral MRL paid-redistribution ban. No Gemma flow-down or unilateral remote-restriction clause. Selection is deliberate.

In scope · approved

Used in production
  • Qwen 3 32BApache 2.0 No restrictions on commercial use. Default base model.
  • DeepSeek-R1-Distill-Qwen-32BMIT No restrictions. Reasoning-lane workloads.
  • Phi-4 · Phi-4-ReasoningMIT No restrictions. Low-RAM deployments.

Out of scope · intentionally not used

Reason documented per family
  • Llama 3.xLlama 3 Comm. Lic. "Built with Llama" branding requirement. AUP §2.c imposes flow-down obligations on derivative paid products.
  • Mistral MRL / MNPLMRL / MNPL Paid-redistribution ban. Conflicts with one-time enterprise licence model.
  • Gemma 3Gemma Use Lic. Flow-down clause plus unilateral remote-restriction clause — incompatible with on-prem customer ownership.
§9 · Audit readiness

Auditors walk in. We meet them there.

RBI auditors, WHO / FDA / CDSCO inspectors can walk into your server room and inspect the system directly. The artefact list below is available pre-audit on 24-hour notice.

System validation dossierIQ / OQ / PQ · per release
Architecture diagramstraining + production phases
Data flow mapsper integration boundary
Access control reportsKeycloak export · role · last access
Model lineage documentationbase · adapter · eval rubric · release notes
Change-control SOPproduction releases · refresh cadence
DR test reportmost recent · with timestamps
Certificate of training-data destructionsigned per fine-tuning run
Questions about security?

Talk to Rishi Tode directly.

A 30-minute walkthrough with the founder. Bring your vendor-review form; we'll fill it out in front of you.

rishi@reyatech.com +91‑7486461783