Anshap
Anshap
Book a Pilot
TRUST · SECURITY · COMPLIANCE

Privacy by architecture,
not by policy.

How Anshap protects what your people share with Noa, what leadership can and cannot see, and where your data lives.

HomeTrust & Security
FOUR PILLARS

How we earn the right to be in your employees' conversations.

Data Protection

DPDP Act 2023 native

Anshap is built to comply with India's Digital Personal Data Protection Act 2023. Consent, data principal rights, breach notification, and data fiduciary obligations are part of how the platform is engineered — not an afterthought.

Explicit consent at every collection point
Data principal rights honoured (access, correction, erasure)
Breach notification SLA: 72 hours to DPO
Audit logs for every data interaction
Data Residency

Hosted in India by default

All conversational data, user records, and cohort analytics are stored within Indian data centres. No cross-border data transfer for default deployments. For multinational clients, regional residency options are configurable per cohort.

Indian primary data centre (AWS Mumbai region)
Disaster recovery within India
No data transfer to non-Indian jurisdictions by default
Regional configuration available for global pilots
Anonymisation

End-to-end at the architecture level

There is no pathway inside the product to attribute a cohort signal to a specific person. Cohort minimum thresholds are enforced before any reporting — smaller cohorts roll up to the next valid cohort. This is structural, not a setting.

Minimum cohort size enforced before any reporting
No identity-linked signals in leadership dashboards
Conversation content never leaves the user surface
Aggregation happens before any leadership-facing surface
Clinical Governance

RCI-reviewed framework

Every interaction pattern, escalation criterion, and clinical signal in Noa is reviewed against frameworks set by Rehabilitation Council of India registered psychologists. Our advisory practitioners review changes before deployment.

RCI-registered clinical advisors on the framework
Evidence-based reflection and CBT-informed design
Escalation criteria reviewed by clinicians
Quarterly clinical review cycle
THE ANONYMISATION WALL

What stays personal. What becomes signal. Where the line is.

Personal Side

What a person says to Noa

  • Raw conversation text
  • Identifying metadata
  • Step-up consent state
  • Personal goals
  • Emotional state details
ANONYMISATION
WALL
Cohort Side

What leadership sees

  • Cohort risk index movement
  • Theme density across groups
  • Engagement trends
  • Escalation demand patterns
  • Care-path completion rates

The wall is enforced in code. There is no admin setting, no role, no internal tool that can attribute a cohort signal back to an individual. Audit logs are available to your DPO on request.

CERTIFICATIONS · ROADMAP

Where we are. Where we're going.

Live Today
  • DPDP Act 2023
    Compliant by architecture
  • Data residency in India
    AWS Mumbai region
  • Cohort anonymisation
    Minimum-threshold enforcement
  • RCI clinical review
    Quarterly cycle
  • Audit logging
    Available to client DPO
In Progress · 2026
  • ISO/IEC 27001
    Information security management
  • SOC 2 Type II
    Security & availability controls
  • HIPAA-aligned controls
    For US-deploying multinationals
  • Penetration testing
    Annual third-party engagement
  • Bug bounty programme
    Coordinated disclosure
Data Protection Officer

Direct line to our DPO.

Security questionnaires, data processing addendums, audit log requests, breach disclosures, sub-processor lists — all handled directly. Response within 1 business day.

dpo@anshap.comContact via form →