🔒 Hosting & Security FAQs

Data sovereignty, AWS architecture, and certifications

Where your data lives, how it's protected, what security certifications the platform holds, and how it handles regulated industry requirements.

☁️ Hosting & Deployment

PolicyCentral.ai offers two deployment models. In the SaaS model, data lives on PolicyCentral.ai's managed AWS infrastructure, in an AWS region you select (an India region is available for data residency compliance). In the Private AWS Account model, data lives entirely within your organization's own AWS account: PolicyCentral.ai deploys the platform into your cloud environment, the vendor has no access to your data, and your organization retains full data sovereignty.
SaaS: fully managed by PolicyCentral.ai on their AWS infrastructure. No infrastructure responsibility on your side, faster updates, lower IT overhead. Private AWS Account: the platform runs in your AWS environment. You retain data sovereignty; the vendor has no access; your InfoSec team applies your own security policies. The trade-off is slightly higher IT involvement for initial setup. For most large RBI-regulated banks and SEBI-registered entities, private deployment is the standard choice.
Yes. The web portal can be configured to allow connections only from specified IP addresses or ranges, such as your office network, VPN endpoints, and trusted branches. PolicyCentral.ai is then inaccessible from outside your network perimeter regardless of valid login credentials. This is supported out of the box without requiring additional network-level configuration from your side.
Mobile apps can be distributed via public app stores (Apple App Store, Google Play) for BYOD environments, or via private enterprise app stores (Microsoft Intune, VMware Workspace ONE, or similar MDM/EMM platforms) for organizations that require all employee apps to be enterprise-managed, consistent with how other enterprise mobile applications are handled.

🛡️ Security & Certifications

ISO 27001 (information security management), SOC 2 Type II (independently audited security controls), GDPR Compliant (data privacy protection), NIST Cybersecurity Framework (cybersecurity risk management), RBI BFSI Guidelines (banking and financial services compliance). All data is encrypted with AES-256 at rest and in transit. The platform runs on AWS infrastructure with a 99.99% uptime SLA backed by AWS's own availability guarantees.
No. The platform integrates with your Active Directory (AD) for employee login and enables Single Sign-On (SSO). Employees log in using existing corporate credentials, the same username and password they use for email. No additional credential to manage, no password reset queue, no parallel identity system. Standard SAML-based SSO providers (Okta, Azure AD, PingFederate) are supported.
In private AWS account deployment: PolicyCentral.ai has zero access to your data. The platform runs in your cloud environment governed by your IAM policies. In SaaS deployment: data access is governed by the SaaS agreement, limited to the operational minimum required (e.g., AI processing pipeline reads documents to generate summaries within the AWS service boundary, with no human access). Data access terms are detailed in the Data Processing Agreement available in the commercial contract.
All data is exportable: policy content, compliance records (read receipts, attestation data, e-sign logs), version histories, and analytics, in standard formats (CSV, Excel, JSON). No proprietary data format creates lock-in. For private AWS account deployments, your data already lives in your own S3 buckets and databases. Off-boarding includes a structured data export ensuring a complete historical compliance record, important for regulatory audit windows extending 3–7 years into the past.
PolicyCentral.ai is WCAG 2.1 AA compliant: usable with screen readers, sufficient color contrast ratios, keyboard navigation supported, text alternatives for non-text content. The audio version feature (Amazon Polly) is specifically valuable for visually impaired employees, who can listen to policy content rather than relying on screen reader compatibility with dense PDF files.