Trust & Security

01

Data Residency

Olbrain customer data is stored, processed, and accessed within India — primary region Google Cloud Mumbai. Payloads are PII-tokenized before reaching third-party language models (see 11); a sub-processor inventory documenting these flows is being formalized below.

✓ LiveGoogle Cloud Mumbai — primary region asia-south1; all customer data resident in India by construction.
✓ LiveDPDP-aligned architecture — consent, purpose limitation, and traceability designed in at the per-agent and per-token level, not as paperwork around an opaque model. Formal alignment program in progress (see 08).
• In ProgressSub-processor inventory with India-residency commitments formally documented.
• In ProgressFormal data residency attestation document available to customers on request.

02

Architecture & Tenant Isolation

Customer data is logically segregated; no cross-tenant exposure in storage, prompt context, or audit surfaces.

✓ LiveMulti-tenant with strict isolation — logical separation enforced at storage, application, and AI inference layers. Cross-tenant exposure prevented by design.
✓ LiveBYOK with per-tenant KMS — credentials sealed inside your KMS via Bring-Your-Own-Key. Regulated tenants get a dedicated key — your PII keys live in your own project, under your own KMS, in your own region, with your own audit trail.
✓ LiveNamed, exclusive agent identity — one provable, non-replicable agent per role, every agent in your fleet anchored to a named identity. The compliance unlock: a human owner, an auditor, a Risk officer, or a regulator can point to a specific agent and trace exactly what it did, when, on whose authority, against which data. Persistence across runs — the same agent-self over time — is the next milestone (see 12).
• In ProgressCryptographic decision traceability via the CNE Protocol — every agent action linked to its identity, rationale, and decision chain.

03

Access Control

Least-privilege access by default. Privileged operations require strong authentication and are reviewed quarterly.

✓ LiveOIDC-locked tooling end to end — identity-based authentication across the entire toolchain. No shared secrets, no static credentials in transit.
✓ LiveWorkload Identity Federation (WIF) for CI/CD — zero service-account JSON keys to leak. CI authenticates via short-lived federated tokens, not long-lived secrets.
✓ LiveRole-Based Access Control (RBAC) for all admin and operator surfaces.
✓ LiveMulti-Factor Authentication (MFA) required for all privileged access.
• In ProgressJust-in-time access for production support; quarterly access reviews; automated revocation on role change.

04

Data Protection

Encryption everywhere. PII detection by default. Customer data is never used to train models.

✓ LiveTLS 1.3 in transit; AES-256 at rest via Google Cloud's default encryption.
✓ LiveDesigned so raw PII does not reach the LLM — every text payload passes through our PII tokenizer sidecar before any third-party model call. Detected PII spans are replaced with deterministic ciphertext tokens; the raw values are restored only inside your tenant's trust boundary. See architecture detail below →
✓ LiveNo customer data used to train base models or fine-tunes — contractual and architectural commitment. Customer data is never exfiltrated for training.
• In ProgressSecure data deletion on contract termination, with certificate of purging.

05

Audit & Logging

Every transaction, every decision, every administrative action is logged. The audit trail is the backbone of the product.

✓ LiveCloud Audit Logs for every KMS decrypt and every agent action — written to your project, in your region, under your audit trail. No data-plane action is unobservable.
✓ LiveLumen — admin's single pane of glass. Drag-to-pin any session, replay any agent action, produce an audit packet on demand for InfoSec, Risk, or the regulator.
• In ProgressImmutable audit trail anchored by the CNE Protocol — cryptographic chain of custody for agent decisions.
• In ProgressConfigurable retention — default 7 years for regulated industries (BFSI, healthcare); customer-readable audit feed via API.

06

AI-Specific Controls

The risks unique to AI agents — prompt injection, hallucination, training drift, cross-tenant prompt leakage — treated as first-class engineering concerns.

✓ LivePII tokenization in every agent I/O path — designed so the LLM does not see raw PII; detected spans are tokenized before any model call. Token-level enforcement, not paperwork-level promise.
✓ LiveProhibition on customer-data training — contractually and architecturally enforced. Your data is not used to train base models, fine-tunes, or evaluations.
✓ LiveMyelin — the information-security specialist. Watches Olbrain's platform itself in real time, surfacing InfoSec posture, incidents, and anomalies live for your security team.
• In ProgressPrompt injection defenses — input sanitization, content filters, and instruction-set isolation.
• In ProgressHallucination guardrails — retrieval grounding for factual claims, refusal scaffolding for low-confidence answers.
• In ProgressHuman-in-the-loop escalation for sensitive operations (financial, legal, healthcare).
• In ProgressAI change management — model upgrades, guardrail changes, and prompt updates require customer notification with diff documentation.

07

Incident Response

Defined detection, classification, response, and customer-notification process. Reachable 24×7 for critical incidents.

• In ProgressInformation Security Officer appointed; incident response RACI documented.
• In Progress24×7 incident reporting via security@olbrain.com with severity-based intake.
• In ProgressSeverity-based response SLAs:
· Critical: 1-hour acknowledgment, 4-hour engagement
· High: 4-hour acknowledgment
· Medium / Low: 1 business day
• In ProgressCustomer notification timelines aligned to regulatory requirements (DPDP, RBI, sector-specific).

08

Compliance & Certifications

Targets are fixed and engagements are underway. We publish progress, not just intentions.

• In ProgressDPDP Act 2023 — alignment in data handling, consent, and principal rights.
• In ProgressISO/IEC 27001:2022 certification — engagement in selection phase; target Q4 2026.
• In ProgressSOC 2 Type II report — observation window starting Q4 2026; target report Q2 2027.
• In ProgressVA / Penetration Testing by independent third party — target Q3 2026.
• In ProgressSource code security review — target Q3 2026.
• In ProgressBCP / DR testing report with documented RTO and RPO — target Q4 2026.

09

Information Security Governance

Named ownership, defined organizational structure, and a documented policy stack.

• In ProgressInformation Security Officer appointed with documented charter.
• In ProgressISMS organizational structure with security committee and incident response team.
• In ProgressDocumented roles and responsibilities for engineering, operations, customer success, and leadership.
• In ProgressFull policy stack — 17 policies including Information Security, Incident Management, BCP, User Access (incl. privileged), HR Security, Network, Anti-Malware, Patch Management, Logging, Backup, Secure SDLC, Media Handling, Physical Security, DPDP-aligned Privacy, Retention, Acceptable Use, and AI Usage & Data Ethics.

10

Customer Commitments in MSA

Standard contracts include the data, AI, third-party, and exit obligations enterprise customers expect.

• In ProgressData protection & privacy — purpose limitation, confidentiality undertakings, data ownership in customer's favor, prohibition of secondary use, data localization, lawful data principal rights support, secure deletion, indemnification.
• In ProgressAI-specific controls — approved AI workflow governance, AI DFDs, prompt injection / hallucination guardrails, no model training on customer data, no cross-tenant exposure, AI change management.
• In ProgressThird-party / outsourcing — subcontracting restrictions, sub-processor approval, flow-down of security obligations, accountability, SLA monitoring.
• In ProgressExit strategy — secure data return, residual data deletion, certificate of purging, orderly transition support.

11

PII Architecture — in detail

The most important part of our InfoSec story is what happens to your customers' PII. The short version: it is designed so the LLM does not see it.

✓ LiveSidecar PII tokenizer service. Every text payload an Olbrain agent needs to send to a third-party LLM first passes through our PII tokenizer — a service running alongside the agent runtime, not bolted on after.
✓ LivePiiranha SLM, wrapped in Microsoft Presidio. Our tokenizer runs a purpose-trained small language model called Piiranha, embedded inside Microsoft's Presidio framework. Together they detect PII spans — names, phone numbers, emails, account numbers, IDs, addresses — with detection quality continuously evaluated against India-specific patterns.
✓ LiveDeterministic ciphertext token replacement. Each detected PII span is replaced with a deterministic ciphertext token before the text ever crosses the LLM boundary. The LLM sees tokens, not values. Same input yields the same token — allowing agent reasoning to remain consistent across calls, without leaking raw data.
✓ LivePII restored only inside your tenant trust boundary. When the LLM response returns, ciphertext tokens are decrypted and replaced with the original PII values — inside your tenant boundary, under your KMS, on your audit trail. By design, raw PII does not cross the LLM boundary.
✓ LiveEncryption keys wrapped in Google Cloud KMS. The encryption keys powering the tokenizer are wrapped in Cloud KMS. For regulated tenants (NBFCs, banks), each tenant gets a dedicated per-tenant copy of the tokenizer with its own key — living in your own project, your own KMS, your own region, under your own audit trail.
✓ LiveCross-tenant PII isolation by design. One tenant's PII keys cannot decrypt another tenant's data — the architecture prohibits it, the KMS enforces it, and the audit logs make it provable.

12

Cognitive Substrate (CS-packet)

Olbrain’s proprietary state-carrier primitive: context, memory, and identity unified into one LLM-window-fit packet.

✓ LiveUnified state carrier. Every CS-packet bundles the agent’s context, memory, history, CoF, and CNE bindings into a single, LLM-window-fit envelope that travels with each query to the reasoning faculty (the NC — implemented today by commodity LLMs).
✓ Live~40% token reduction vs. raw context. CS-packet compression fits richer agent context inside the LLM window — lower cost per call, more capacity for actual reasoning, less context churn across the fleet.
✓ LiveIdentity-bound at every layer. CS-packets are bound to a specific agent_id at definition and run level — every audit event attributable to a specific agent, not an anonymous execution.
• In ProgressAgent-self statefulness across runs. Workflow-stateful today via the custom Python/FastAPI orchestrator on Cloud Run with state persisted to Firestore after every step. Agent-self statefulness — the same agent across runs — is the next milestone, scoped by Narrative Continuity in the Agency Protocol.

13

Witness Network

Tamper-evident, replayable verification over CS-packet streams. Witnesses are Olbrain-operated today; a federated, independent witness network is on the roadmap.

✓ LiveTamper-evident verification. Witnesses produce cryptographic proofs over CS-packet streams — integrity an auditor can re-check against the witnessed stream itself.
✓ LiveReplayable. Every agent action, every commitment, every decision can be reconstructed from the witnessed stream and re-verified after the fact.
• In ProgressFederated, independent network. Witnesses are Olbrain-operated today. The federated network — independent third-party witnesses providing additional verifiability — is on the roadmap.

14

Legal Entity & Data Controller

One legal entity, incorporated in India. Indian customer data is held, processed, and contracted by it — there is no foreign parent or affiliate in the data path.

✓ LiveData Controller & MSA counter-party: Olbrain Labs Private Limited — an Indian private limited company incorporated in Gurugram on 5 August 2024. The contracting party for all enterprise customers and the controller of all customer data.
✓ LiveRegistered office: 825-26, Emaar Emerald Plaza, Sector 65, Gurugram, Haryana — 122102, India.
✓ LiveStatutory identifiers: CIN U62013HR2024PTC123898 · GSTIN 06AAECO4642B1ZU · PAN AAECO4642B · TAN RTKO03748D.
✓ LiveEntity verification documents (CoI, GST, PAN, bank details) available to procurement teams on request.

InfoSec-first by construction, not bolted on later.