Trust & Security

Your data stays in India. Always.

CrewCheck inspects AI traffic without persisting prompts, training on your data, or creating unauditable evidence. Built for teams that answer to DPDP, RBI, and SEBI.

Latest production measurement: sub-100ms added gateway overhead at P95. Total round-trip latency depends on your chosen upstream LLM provider.

DPDP Act 2023

Section 8(5) Compliant

RBI FREE-AI

Policy Pack Ready

SEBI AI

Regulation Support

ISO 27001

Control mapping — self-assessed

Security Architecture

Six pillars of trust

Every design decision in CrewCheck starts with one question: how do we protect customer data while still delivering governance value?

Zero Persistence

Raw prompts exist only in RAM during inspection. Nothing is written to disk, stored in a database, or logged. The value is gone within a millisecond.

India Data Residency

All processing happens on Railway (Asia-Southeast) and Supabase (Indian region). Your data never leaves India's jurisdictional boundary.

Tamper-Evident Logs

Audit logs are hash-chained. Any modification is cryptographically detectable during verification — no silent edits possible.

Deterministic Detection

PII detection uses regex, Verhoeff checksums, and word-digit normalization. No black-box AI — your security team can inspect every rule.

Key Isolation

Your API keys are used only for your LLM workload. Guardrail evaluations run on CrewCheck's own keys and infrastructure, at our cost.

VPC / Air-Gap Option

For zero-trust requirements, deploy CrewCheck inside your own VPC. No raw prompt ever leaves your private network.

Latency Methodology

What we measure, and what we do not

CrewCheck reports gateway overhead separately from upstream model time. The number we publish is the internal request path inside CrewCheck: auth, app and policy resolution, PII scanning, policy evaluation, and response serialization. Provider latency is real, but it belongs to your chosen LLM vendor and region.

Current production result

81ms P95 gateway overhead on May 11, 2026, measured on the live production gateway.

Buyer-safe claim

We describe this as sub-100ms added gateway overhead at P95. We do not fold provider time into that claim.

Latency SLO

CrewCheck currently targets gateway overhead under 250ms at P95 during business hours.

The production measurement script captures total request time, upstream provider time, and CrewCheck stage timings, then computes gateway overhead as total minus upstream provider latency.

How It Works

What happens to your prompt

01

Prompt arrives at CrewCheck gateway

Your app sends the request to CrewCheck's Indian-resident endpoint instead of directly to OpenAI/Anthropic.

02

In-memory PII inspection

Deterministic detection (regex + Verhoeff checksums) identifies Aadhaar, PAN, UPI, IFSC values. No disk writes. No database storage.

03

Redaction & policy enforcement

Detected PII is replaced with safe tokens. DPDP policy packs enforce purpose limitation and consent requirements.

04

Clean prompt forwarded to LLM

The redacted prompt is sent to your chosen provider using your API key. The provider never sees raw PII.

05

Audit record created

A hash-chained log entry records the action taken — never the raw value. The original prompt is discarded from RAM.
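The redaction and audit steps (03 and 05) as an added example, not CrewCheck's own code: detected values are swapped for typed placeholder tokens, and the log keeps only the PII type and count, each entry linked to the previous one by a SHA-256 hash so that an edit anywhere breaks verification. The chaining scheme (previous hash plus canonical JSON of the record) and the sample detections are assumptions for illustration.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # prev_hash of the first entry

def entry_hash(prev_hash: str, record: dict) -> str:
    """SHA-256 over the previous hash plus the canonical JSON of the record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()

def redact(text: str, detections: list[tuple[str, str]]) -> str:
    """Replace each detected value with a safe, typed placeholder token."""
    for n, (pii_type, value) in enumerate(detections, start=1):
        text = text.replace(value, f"[{pii_type}_{n}]")
    return text

def append_entry(chain: list[dict], request_id: str, detections) -> dict:
    """Chain a record of the action taken; the matched values are not stored."""
    record = {"request_id": request_id,
              "action": "redact" if detections else "forward",
              "detections": dict(Counter(t for t, _ in detections))}
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"prev_hash": prev, "record": record, "hash": entry_hash(prev, record)}
    chain.append(entry)
    return entry

def verify(chain: list[dict]):
    """(True, None) if every link holds, else (False, index of first bad entry)."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["prev_hash"] != prev or entry_hash(prev, e["record"]) != e["hash"]:
            return False, i
        prev = e["hash"]
    return True, None

def tampered_copy(chain: list[dict]) -> list[dict]:
    """A silently edited copy of the log: the first record's action is flipped."""
    bad = copy.deepcopy(chain)
    bad[0]["record"]["action"] = "forward"
    return bad

# Constructed sample: detector output for one request, then a clean request.
DETECTIONS = [("AADHAAR", "234567890124"), ("PAN", "ABCDE1234F")]
REDACTED = redact("Aadhaar 234567890124, PAN ABCDE1234F", DETECTIONS)
CHAIN: list[dict] = []
append_entry(CHAIN, "req-1", DETECTIONS)
append_entry(CHAIN, "req-2", [])
```

Because the raw values never enter the record, an exported chain can be handed to auditors or legal teams and re-verified without exposing the PII it describes.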

DPDP Section 8(2)

Sub-processors

CrewCheck publishes its processor chain so customers can map their own DPDP disclosures and vendor-risk reviews without guesswork.

Procurement view

Supabase

Database, auth

DPA: Yes
Region: ap-south-1 (Mumbai)
Last reviewed: 2026-05-08

Specific data shared: Encrypted application data, auth metadata, organization records, audit metadata; no raw customer prompts unless retention is enabled by customer configuration.

DPA / agreement: Supabase DPA / data processing terms.

Customer right-to-object: Customers may request migration off any sub-processor for a sub-processing fee. Contact privacy@crewcheck.in

Railway

Application hosting

DPA: Yes
Region: India region selected
Last reviewed: 2026-05-08

Specific data shared: Runtime traffic, redacted request metadata, application logs, and transient in-memory prompt inspection for gateway and scanner services.

DPA / agreement: Railway DPA / cloud hosting data processing terms.

Customer right-to-object: Customers may request migration off any sub-processor for a sub-processing fee. Contact privacy@crewcheck.in

Vercel

Frontend hosting + edge

DPA: Yes
Region: Global edge, India POP
Last reviewed: 2026-05-08

Specific data shared: Public-site requests, static assets, edge analytics metadata, and form traffic routed from the web application.

DPA / agreement: Vercel DPA / platform data processing terms.

Customer right-to-object: Customers may request migration off any sub-processor for a sub-processing fee. Contact privacy@crewcheck.in

OpenAI

LLM inference (BYOK supported)

DPA: Yes
Region: US (default) — region routing in build
Last reviewed: 2026-05-08

Specific data shared: Redacted prompts or customer-routed inference payloads when a customer explicitly configures OpenAI as an upstream provider.

DPA / agreement: OpenAI business terms / DPA.

Customer right-to-object: Customers may request migration off any sub-processor for a sub-processing fee. Contact privacy@crewcheck.in

Anthropic

LLM inference (BYOK supported)

DPA: Yes
Region: US — region routing in build
Last reviewed: 2026-05-08

Specific data shared: Redacted prompts or customer-routed inference payloads when a customer explicitly configures Anthropic as an upstream provider.

DPA / agreement: Anthropic commercial terms / DPA.

Customer right-to-object: Customers may request migration off any sub-processor for a sub-processing fee. Contact privacy@crewcheck.in

DeepSeek

LLM inference (optional)

DPA: Yes
Region: Hong Kong — flagged for cross-border review
Last reviewed: 2026-05-08

Specific data shared: Optional semantic-analysis payloads only when enabled; deterministic detection runs first and the provider is flagged for cross-border review.

DPA / agreement: DeepSeek processing terms; optional provider under review.

Customer right-to-object: Customers may request migration off any sub-processor for a sub-processing fee. Contact privacy@crewcheck.in

Microsoft Clarity

Product analytics (no PII)

DPA: Yes
Region: Global
Last reviewed: 2026-05-08

Specific data shared: Public-product analytics events and session diagnostics configured to avoid intentional PII collection.

DPA / agreement: Microsoft Products and Services Data Protection Addendum.

Customer right-to-object: Customers may request migration off any sub-processor for a sub-processing fee. Contact privacy@crewcheck.in

Cashfree

Payments

DPA: Yes
Region: India
Last reviewed: 2026-05-08

Specific data shared: Payment checkout metadata, subscription payment status, and billing identifiers required to process customer payments.

DPA / agreement: Cashfree merchant and payment processing terms.

Customer right-to-object: Customers may request migration off any sub-processor for a sub-processing fee. Contact privacy@crewcheck.in

We disclose our sub-processors so you can disclose yours. Under DPDP Section 8(2), every Data Fiduciary using CrewCheck must identify us as a processor. To help you identify our chain in your own compliance disclosures, this list is updated within 30 days of any change.

FAQ

Questions from security, legal, and engineering

Straight answers for your compliance review.

If CrewCheck inspects my prompts, doesn't it see raw PII?

Yes — transiently. The raw prompt passes through our Indian-resident infrastructure in memory only. It is never persisted, never used for training, and is discarded within the duration of a single request. The audit record captures only the action taken (e.g. "PII detected: Aadhaar"), never the actual value.

How do guardrail evaluations work without exposing my data?

When semantic guardrails (prompt injection, hallucination checks) need an LLM, the prompt is already redacted before it reaches that model. The evaluation uses CrewCheck's own API key on a lightweight model (GPT-4o-mini), optimized for fast policy checks. Your provider key never touches the guardrail layer.

Where exactly is data stored?

Customer data is stored in India using Supabase (Indian region) and Railway (Asia-Southeast region) infrastructure. On enterprise VPC plans, data never leaves your private network.

Are audit logs mutable?

No. Logs are hash-chained and tamper-evident. Any modification — even a single character — breaks the chain and is immediately detectable during verification.

Who can access logs?

Only authorised users inside your organisation, controlled by role-based permissions. Engineering teams can debug policy outcomes through redacted views without ever seeing raw PII.

What happens during a breach?

CrewCheck follows a 72-hour DPDP notification workflow with automated alerting. Enterprise customers receive a detailed incident response plan and dedicated support.

Can legal teams export evidence?

Yes. Compliance and legal teams can export audit PDFs with full hash-chain verification evidence, suitable for regulatory submissions and court proceedings.

What deployment options are available?

Cloud deployment for startups (instant setup). Private VPC and on-prem air-gapped deployment for enterprises with strict data localization requirements.

Deployment

Choose your trust boundary

Cloud

For startups and growth-stage teams

  • Indian-resident infrastructure (Railway + Supabase)
  • Zero-persistence processing
  • Instant setup — one env variable change
  • CrewCheck security control mapping
View plans

Enterprise VPC

For regulated enterprises and BFSI

  • Air-gapped deployment in your own VPC
  • No raw prompt ever leaves your network
  • Custom retention and encryption policies
  • Dedicated support and SLA
Contact sales

Ready to see it in action?

Try the live demo with Indian PII detection, DPDP policy packs, and tamper-evident audit trails. No sign-up required.