Your matters stay yours.
Every byte. Always.
Gotham is built for Indian law firms — and for the way Indian law firms actually handle privilege, confidentiality, and regulator scrutiny. Data is encrypted, India-resident, never used to train models, and auditable end-to-end.
Four non-negotiables.
Everything else is implementation detail. These four are how we sleep at night.
India data residency
Matter data lives in AWS Mumbai (ap-south-1). Backups stay in-region. We will tell you, in writing, before a single byte crosses a border.
Never trained on
Your filings, drafts, and uploads are never used to train or fine-tune any model — ours, our vendors', or anyone else's. Contractually enforced with every model provider.
Encrypted everywhere
TLS 1.3 in transit. AES-256 at rest in RDS + S3, keys managed by AWS KMS with per-tenant scoping. Database snapshots encrypted with the same key set.
Audit by default
Every read, every write, every model call is logged. Partner-level audit log in the product. Tamper-evident chain for regulator-grade review.
How the bytes move.
A normal request, drawn end-to-end.
- 1
Edge
Cloudflare orange-cloud proxy in front of every Gotham endpoint. DDoS, bot filtering, WAF rules tuned for legal-software abuse patterns.
- 2
Auth
Google Workspace + Microsoft 365 SSO. SCIM provisioning. Per-firm tenant isolation enforced at the row level — no shared tables, ever.
- 3
Compute
Stateless workers on AWS Fargate (Mumbai). Outbound traffic to model providers goes through a logging proxy that strips PII when the model doesn't need it.
- 4
Storage
RDS Postgres for matters and metadata. S3 (Mumbai) for documents. pgvector for embeddings. All encrypted with KMS.
- 5
Models
Anthropic Claude (zero-retention agreement), Google Gemini (zero-retention via Vertex), and self-hosted BGE-M3 for embeddings on Indian languages. No training, no logging beyond 24h debug retention.
- 6
Observability
CloudWatch + per-tenant trace ID on every operation. Audit-log table is append-only; deletes go through a separate signed-action pathway.
Standards we hold ourselves to.
A few are certified; the rest are operational policy you can audit on request.
| Standard | Status | Notes |
|---|---|---|
| DPDP Act 2023 (India) | In effect | Data fiduciary obligations live. Grievance officer named at /privacy. |
| SOC 2 Type II | In progress | Audit kick-off Q3 2026. Pre-audit controls already operational. |
| ISO/IEC 27001 | Planned | 2027. Currently mapping controls. |
| GDPR | Applies | For non-India clients. DPA available at /security#dpa. |
| India BCP / DR | In effect | RTO 4h, RPO 1h. Quarterly drills. |
| HIPAA | Not in scope | Gotham does not process PHI. |
Who else touches your data.
Updated every quarter. Material changes are notified 30 days in advance.
| Vendor | Purpose | Region | Data category |
|---|---|---|---|
| Amazon Web Services | Compute, storage, networking | Mumbai (ap-south-1) | All matter data |
| Anthropic | Claude model inference | US (zero-retention) | Prompts only, no training |
| Google Cloud (Vertex) | Gemini model inference | Mumbai (asia-south1) | Prompts only, no training |
| Cloudflare | Edge, DNS, WAF | Global anycast | Request metadata, no bodies |
| Google Workspace | Identity (SSO) | EU/US per Workspace plan | Email, name only |
Found something? Tell us.
We take security disclosures seriously. Acknowledgement within 48h, fix or roadmap within 30 days.
security@trygotham.io
Encrypted via our PGP key (fingerprint published on request). Include reproduction steps, impact, and proposed severity. We do not pursue good-faith research.
Data Processing Agreement.
A signed DPA is included in every MSA. Standalone DPA available on request.
Our standard DPA covers DPDP Act 2023 (India) and GDPR (where applicable). It names AWS as a sub-processor under the EU SCCs (modules 2 + 3), enumerates the data categories above, and binds Gotham to processing instructions issued by the firm as data fiduciary. Request a copy at legal@trygotham.io.