For security, compliance, legal & procurement teams

Trust Center

Everything a security or procurement review needs — how OBP is engineered, what you can verify yourself today, and an honest roadmap. We don't ask you to take our word for it.

The honest answer to “how do we know it’s true?”

You don’t take our word for it — you verify it. Every OBP record is independently verifiable: your team, your auditor, or a court-appointed expert can confirm its integrity without relying on OBP.

We hold no external certifications yet, and we say so plainly (see the roadmap). We would rather earn your confidence through what you can verify than claim a badge we don’t hold. Trust by design — not by promise.

Engineered in — and verifiable today

What is shipped and independently checkable right now.

Recording architecture

Meetings and decisions are captured court-grade and complete — every participant accounted for, any gap disclosed, never hidden.

Tamper-evident design

Every record is SHA-256 hash-chained. Any alteration is detectable and provable — you never take integrity on faith.

Immutable storage (WORM)

Records are written to write-once (WORM / Object-Lock) storage — they cannot be silently overwritten or deleted.

Independent verification

Integrity can be checked by you, your auditor, a regulator, or a court-appointed expert — without relying on OBP.

India data residency

Records stay on India-resident infrastructure; data handling is DPDP-aware.

Complete audit trail

A court-admissible manifest accompanies every recording, end to end.

Security posture

Controls in place today.

Encrypted in transit

All traffic over HTTPS / TLS.

No card data stored

Payments handled by Razorpay; OBP never stores your card details.

India-resident cloud

Infrastructure in India; sovereign-cloud-ready architecture.

Least-privilege access

Scoped cloud IAM; secrets are environment-driven, never in code.

Security & validation roadmap

Commitments we are working toward — not current certifications. Honest status shown.

Independent validation of court-admissibility at scale

In progress

Our own reliability gate proving 100% court-grade recording at enterprise scale. "Proven at scale" is claimed only when this passes.

Third-party security assessment (VAPT)

Planned

External penetration test and vulnerability assessment.

SOC 2 (Type II)

Planned

Independent audit of security, availability, and confidentiality controls.

ISO / IEC 27001

Planned

Certified information-security management system.

DPDP compliance mapping

In progress

Formal mapping to India’s Digital Personal Data Protection Act.

We update this roadmap as items complete — and we will never mark one done before it is independently true.

Enterprise security FAQ

Not yet — and we will not pretend otherwise. What you can rely on today is stronger than a badge: every record is independently verifiable by your own team or a third party, without trusting us. Formal certifications (SOC 2, ISO 27001) are on the roadmap below. We would rather earn your confidence through what you can verify than claim a certification we do not hold.

Looking for the business-level view of how trust is built?

How OBP builds trust

Bring your security team

Request a security review, or start a ₹1 trial and verify it yourself.

Court-gradeTamper-evidentImmutable (WORM)Independent verificationIndia-resident