TerraEdge
Trust & security

Built for procurement.
Cleared by security review.

Where data sits, how it's encrypted, who can access it, what we retain, and which regulatory frameworks we clear. The full posture, not a marketing badge.

Deployment topologies

Four topologies. One framework.

TerraEdge is built to deploy where your security posture requires — not where the vendor would prefer. Every topology supports the same framework, the same modules, the same outcomes.

Cloud VPC

Default deployment inside your AWS, Azure, or GCP account. Your control plane, your data plane, your audit trail. TerraEdge never holds your data.

On-premises

Supported for regulated and high-sensitivity workloads. Models, weights, and pipelines run inside your network — no external dependencies for production inference.

Hybrid

Data plane on-prem, control plane in cloud. Used by clients with sensitive operational data but cloud-friendly orchestration requirements.

Air-gapped

Fully disconnected deployments for defence, law enforcement, and the most sensitive regulated workloads. No external network calls. No model phone-home.

Data posture

Encryption, identity, residency, deletion.

The four operational primitives every enterprise security review evaluates. TerraEdge commits to each in contract.

Encryption at rest and in transit

AES-256 for stored data, model weights, and training datasets. TLS 1.3 for all internal and external communication. Customer-managed keys (KMS / HSM) supported.

Identity & access

Role-based access control on every module. SSO via SAML 2.0 or OIDC. Per-event audit trails for every data access. Session-level scoping for sensitive operations.

Data residency

Region-scoped deployments — data stays in the region you specify (India, EU, UAE, US, on-prem). No cross-region replication without explicit, contracted consent.

Retention & deletion

Per-deployment retention policies. Right-to-erasure handlers built into the ingestion layer. Retraining pipelines respect deletion events. Default 30-day operational log retention, fully configurable.

Model provenance

No public weights in your pipeline.

By default, no public LLM API calls run in the production pipeline. No third-party model weights are introduced without explicit client approval and a documented IP review. Your bespoke models are trained on your corpus, deployed in your perimeter, and never re-deployed elsewhere by TerraEdge.

Sub-processors are limited to infrastructure inside your cloud account and observability inside your tooling. The full sub-processor list is shared per deployment under NDA. For air-gapped deployments, the list is empty.

Compliance frameworks

The frameworks we clear.

Stated honestly — what's certified, what's aligned, what's per-client. Specific control mappings shared under NDA as part of vendor security review.

DPDP (India)

Built-in support for the Digital Personal Data Protection Act: data principal rights, consent management, breach-notification workflows, and purpose-binding controls on processing.

GDPR (EU)

Data subject rights handlers (access, rectification, erasure, portability), DPIA-ready logging, and sub-processor controls. Lawful-basis tags on every processing activity.

SOC 2

Operational practices aligned to SOC 2 Type II controls (security, availability, confidentiality). Independent attestation in progress. Current control mappings shared under NDA.

Regulated-sector frameworks

For defence, law enforcement, and BFSI engagements, TerraEdge supports the additional regulatory frameworks the client must clear — RBI, SEBI, IRDAI, MoD, and equivalent international regimes.

Security review process

Most engagements clear procurement on the first review.

Questionnaires

CAIQ, VSAQ, and custom vendor security questionnaires turned around in 5 business days.

Penetration tests

Summaries available under NDA. Annual third-party penetration testing on shared infrastructure.

Responsible disclosure

Bug bounty and responsible disclosure handled through security@terraedgesoft.com.

Earlier in the journey?

Not ready for AI yet? Want to chat about possibilities?

No pitch, no pressure. Just a conversation about where AI could fit, or where it can wait. Bring your skepticism — we'll bring ours.

Hit us up
Security review

Send us your questionnaire. We'll send it back in five business days.

CAIQ, VSAQ, custom — we've cleared most of them. Bring your security team into the first scoping call and we'll work the controls discussion in parallel with the architecture.