Security and compliance

Public security posture for the Wardya Identity Data Intelligence Platform. Covers identity, data security, isolation, audit, responsible AI, and privacy.

Public docs use sandbox-only examples. Production credentials, private partner integrations, internal architecture, and deployment details are shared only through approved onboarding.

Identity & access

  • OIDC / OAuth2 with passkey support
  • Phishing-resistant MFA
  • Device-bound sessions
  • Step-up authentication

Data security

  • AES-256 at rest
  • TLS 1.3 in transit
  • Field-level PII encryption
  • Key rotation and tokenization

Tenant isolation

  • Per-tenant boundaries
  • Workload segmentation
  • Independent policy and audit
  • Residency controls

Audit and assurance

  • Tamper-evident logs
  • Regulator-ready reporting
  • Configuration baseline tracking
  • Incident timelines

Responsible AI

  • Explainable decisions
  • Bias monitoring
  • Human-in-the-loop escalation
  • Model governance and versioning

Privacy

  • Data minimization
  • Purpose limitation
  • Right to access and erasure support
  • Third-party processor governance

Compliance posture

  • SOC 2 Type II readiness: Operational and design controls aligned to SOC 2 trust principles.
  • GDPR alignment: Lawful basis, minimization, retention, and subject rights workflows.
  • PCI DSS pathway: Tokenization, isolation, and key handling for payment-adjacent data.
  • Regional frameworks: Mapping to local regulatory requirements per deployment.

Responsible disclosure

Wardya welcomes responsible disclosure of security vulnerabilities. Please email contactus@wardya.ai. See /.well-known/security.txt.