Engineered in — and verifiable today
What is shipped and independently checkable right now.
Recording architecture
Meetings and decisions are captured court-grade and complete — every participant accounted for, any gap disclosed, never hidden.
Tamper-evident design
Every record is SHA-256 hash-chained. Any alteration is detectable and provable — you never take integrity on faith.
Immutable storage (WORM)
Records are written to write-once (WORM / Object-Lock) storage — they cannot be silently overwritten or deleted.
Independent verification
Integrity can be checked by you, your auditor, a regulator, or a court-appointed expert — without relying on OBP.
India data residency
Records stay on India-resident infrastructure; data handling is DPDP-aware.
Complete audit trail
A court-admissible manifest accompanies every recording, end to end.
Security posture
Controls in place today.
Encrypted in transit
All traffic over HTTPS / TLS.
No card data stored
Payments handled by Razorpay; OBP never stores your card details.
India-resident cloud
Infrastructure in India; sovereign-cloud-ready architecture.
Least-privilege access
Scoped cloud IAM; secrets are environment-driven, never in code.
Security & validation roadmap
Commitments we are working toward — not current certifications. Honest status shown.
Independent validation of court-admissibility at scale
In progressOur own reliability gate proving 100% court-grade recording at enterprise scale. "Proven at scale" is claimed only when this passes.
Third-party security assessment (VAPT)
PlannedExternal penetration test and vulnerability assessment.
SOC 2 (Type II)
PlannedIndependent audit of security, availability, and confidentiality controls.
ISO / IEC 27001
PlannedCertified information-security management system.
DPDP compliance mapping
In progressFormal mapping to India’s Digital Personal Data Protection Act.
We update this roadmap as items complete — and we will never mark one done before it is independently true.
Enterprise security FAQ
Not yet — and we will not pretend otherwise. What you can rely on today is stronger than a badge: every record is independently verifiable by your own team or a third party, without trusting us. Formal certifications (SOC 2, ISO 27001) are on the roadmap below. We would rather earn your confidence through what you can verify than claim a certification we do not hold.
Looking for the business-level view of how trust is built?
How OBP builds trustBring your security team
Request a security review, or start a ₹1 trial and verify it yourself.