Built for procurement.
Cleared by security review.
Where data sits, how it's encrypted, who can access it, what we retain, and which regulatory frameworks we clear. The full posture, not a marketing badge.
Four topologies. One framework.
TerraEdge is built to deploy where your security posture requires — not where the vendor would prefer. Every topology supports the same framework, the same modules, the same outcomes.
Cloud VPC
Default deployment inside your AWS, Azure, or GCP account. Your control plane, your data plane, your audit trail. TerraEdge never holds your data.
On-premises
Supported for regulated and high-sensitivity workloads. Models, weights, and pipelines run inside your network — no external dependencies for production inference.
Hybrid
Data plane on-prem, control plane in cloud. Used by clients with sensitive operational data but cloud-friendly orchestration requirements.
Air-gapped
Fully disconnected deployments for defence, law enforcement, and the most sensitive regulated workloads. No external network calls. No model phone-home.
Encryption, identity, residency, deletion.
The four operational primitives every enterprise security review evaluates. TerraEdge commits to each in contract.
Encryption at rest and in transit
AES-256 for stored data, model weights, and training datasets. TLS 1.3 for all internal and external communication. Customer-managed keys (KMS / HSM) supported.
Identity & access
Role-based access control on every module. SSO via SAML 2.0 or OIDC. Per-event audit trails for every data access. Session-level scoping for sensitive operations.
Data residency
Region-scoped deployments — data stays in the region you specify (India, EU, UAE, US, on-prem). No cross-region replication without explicit, contracted consent.
Retention & deletion
Per-deployment retention policies. Right-to-erasure handlers built into the ingestion layer. Retraining pipelines respect deletion events. Default 30-day operational log retention, fully configurable.
No public weights in your pipeline.
By default, no public LLM API calls run in the production pipeline. No third-party model weights are introduced without explicit client approval and a documented IP review. Your bespoke models are trained on your corpus, deployed in your perimeter, and never re-deployed elsewhere by TerraEdge.
Sub-processors are limited to infrastructure inside your cloud account and observability inside your tooling. The full sub-processor list is shared per deployment under NDA. For air-gapped deployments, the list is empty.
The frameworks we clear.
Stated honestly — what's certified, what's aligned, what's per-client. Specific control mappings shared under NDA as part of vendor security review.
DPDP (India)
Built-in support for the Digital Personal Data Protection Act: data principal rights, consent management, breach-notification workflows, and purpose-binding controls on processing.
GDPR (EU)
Data subject rights handlers (access, rectification, erasure, portability), DPIA-ready logging, and sub-processor controls. Lawful-basis tags on every processing activity.
SOC 2
Operational practices aligned to SOC 2 Type II controls (security, availability, confidentiality). Independent attestation in progress. Current control mappings shared under NDA.
Regulated-sector frameworks
For defence, law enforcement, and BFSI engagements, TerraEdge supports the additional regulatory frameworks the client must clear — RBI, SEBI, IRDAI, MoD, and equivalent international regimes.
Most engagements clear procurement on the first review.
CAIQ, VSAQ, and custom vendor security questionnaires turned around in 5 business days.
Summaries available under NDA. Annual third-party penetration testing on shared infrastructure.
Bug bounty and responsible disclosure handled through security@terraedgesoft.com.
Not ready for AI yet? Want to chat about possibilities?
No pitch, no pressure. Just a conversation about where AI could fit, or where it can wait. Bring your skepticism — we'll bring ours.
Send us your questionnaire. We'll send it back in five business days.
CAIQ, VSAQ, custom — we've cleared most of them. Bring your security team into the first scoping call and we'll work the controls discussion in parallel with the architecture.
