We sell evidence, so we should be held to it. This page states how Samyoga handles your data, in claims the architecture actually backs — and tells you plainly which answers belong in a briefing rather than on a marketing page.
Samyoga reads the security data where it already lives — Snowflake, Databricks, ClickHouse, S3, Iceberg, BigQuery — and does not copy it into a parallel store. There is no ingestion pipeline to audit because there is no ingestion. What leaves the lake boundary is derived analysis: the graph, the rankings, the dispatches.
India data residency is available, and for engagements where data may not cross any boundary at all, the deployment model below removes the question entirely.
A language model writes each dispatch narrative; it does not get free rein. Narrator input is scrubbed against prompt injection before the model sees it, detection content and narrator templates ship as a versioned canon you can review and override per tenant, and in air-gapped deployments the model runs locally with no telemetry leaving the site. The model provider is an abstraction — local models or your approved cloud provider — so your inference layer follows your policy, not our roadmap.
Exposure artifacts are signed and offline-verifiable: your board, auditor, or insurer can check a number without calling us or taking our word. Share links are integrity-signed. Actions in the platform leave audit trails built for regulated review, and the data model speaks OCSF 1.0 throughout, so what we read and what we derive stays in an open, inspectable schema. The exposure number itself has a published methodology.
Certification status (SOC 2, ISO 27001), penetration-test summaries, subprocessor lists, and completed security questionnaires (CAIQ, SIG) are answered in the briefing and under NDA, where the answer is current rather than whatever a marketing page said when it was last deployed. We answer questionnaires in full, and the architecture above is designed so the claims that matter most are ones you can verify yourself.
To report a security issue or request the security packet: [email protected], subject line “Security.” Reports get a human reply within one business day.
Bring your security questionnaire to the briefing. We reply within one business day with two or three time slots.