Security

Built for regulated transactions.

How we handle documents, hosting, encryption, and who can see what—in plain terms, and in line with our Privacy Policy.

Vaultrix hosting: India (Mumbai) — standard setup
Working documents: Microsoft OneDrive

1. Microsoft 365 & documents

DRHP and related Word files are stored in Microsoft OneDrive and worked on through Vaultrix's Microsoft 365 integration. Vaultrix orchestrates the workflow; the files themselves stay in Microsoft's cloud under the Microsoft 365 arrangement used for your Vaultrix service—not as everyday file storage sitting on Vaultrix's own computers.

We do not keep master copies of Word files as ad hoc uploads on Vaultrix servers. Microsoft hosts the documents; Vaultrix keeps the links and deal-room state needed to coordinate the transaction. When the product produces PDFs from Word, those outputs are saved back into OneDrive where that step completes successfully.

Teams can sign in with Microsoft where that option is turned on. Outlook-related features only touch mailboxes your users connect and approve, as described in our Privacy Policy.

2. Where data lives

Vaultrix systems. In our usual India setup, information such as accounts, activity, compliance records, audit history, section status, and coordination details is hosted on Amazon Web Services in Mumbai. If you have a bespoke arrangement, location may differ—your order or data-processing agreement states what applies.

Working files. Word documents and PDFs created in the workflow remain in Microsoft OneDrive under the Microsoft 365 setup used for Vaultrix. Where Microsoft physically stores those files follows Microsoft's policies and settings, which may not match where Vaultrix systems run.

Optional AI-assisted features may use external AI suppliers; cross-border handling and vendor terms are summarised in our Privacy Policy.

3. Vulnerability assessment & penetration testing

Independent penetration tests and security assessments are part of how we run security. Outside specialists review our environment and the live product where appropriate (including, when engaged, firms on recognised assessment panels). Findings are tracked through to closure.

4. Encryption & activity history

Traffic to Vaultrix uses encrypted web connections (HTTPS). Information held in our cloud environment is protected at rest with strong, industry-standard encryption suited to our hosting setup.

Highly sensitive connection details (for example mailbox tokens) receive additional encryption inside the product where we implement it.

Important actions are recorded in an activity history that routine product use does not rewrite or erase—supporting a clear record for regulated transactions.

5. Who can see what

Every party in a deal room gets permissions tied to their role: merchant bankers and designated deal leads usually see the full workflow, while other parties are limited to the sections and actions their mandate covers.

Vaultrix enforces those rules on our systems, not only on screen. Access-related activity appears in the activity history so firms can trace who did what, and when.

6. DPDPA alignment

Vaultrix processes personal data in line with India's Digital Personal Data Protection Act 2023. Notices, retention, and breach-handling practices are described in our Privacy Policy.

Our Data Processing Agreement is available for client legal teams. For privacy rights requests or security questionnaires, email admin@vaultrix.ai.

7. ISO 27001 certification — in progress

We are working toward ISO/IEC 27001 certification for our information security management system through a recognised certification body.

Timeline depends on audit readiness and the certification body schedule—we'll update this page once certification is achieved.