This document summarizes the security practices Digital Outcomes Technologies Private Limited (“Predixion AI”) applies to protect data processed through VOIZ, KOLLECT, LEADX, and AGENTX. It is a public-facing summary intended for prospective and current clients; our complete internal Information Security Policy and supporting procedures are more detailed and available to clients and auditors under appropriate confidentiality arrangements.
1. Governance
- A designated internal owner is responsible for information security policy, exceptions, and incident response coordination.
- Security practices are reviewed periodically and updated to reflect changes in infrastructure, applicable law (including the Digital Personal Data Protection Act, 2023 and Rules, 2025), and client requirements.
- Client data is processed only to deliver and improve the services provided to that client. We do not use one client's data to train general-purpose or cross-client machine-learning models, and we do not share one client's data with another.
- New employees and contractors with access to client data undergo security and confidentiality onboarding, and sign confidentiality undertakings.
2. Data Encryption
- Data in transit is encrypted using industry-standard protocols (TLS).
- Data at rest, including call recordings, transcripts, and borrower/customer records, is encrypted using industry-standard encryption.
3. Access Control
- Access to production systems and client data is granted on a least-privilege, role-based basis, and reviewed periodically.
- Multi-factor authentication is required for administrative and remote access to production systems.
- Access is promptly revoked upon a team member's change of role or departure.
4. Network and Infrastructure Security
- Production infrastructure runs on reputable cloud providers (including Microsoft Azure and Amazon Web Services), using India-based regions (such as Mumbai) consistent with data residency and performance objectives for our India-based clients, with network segmentation, firewalls, and restricted administrative access.
- Access to production systems is restricted, monitored, and reviewed periodically.
5. Logging and Monitoring
- Access to systems processing personal data is logged, and logs are retained for a minimum of one year, consistent with DPDP Law, for security investigation and audit purposes.
- Key systems are monitored for anomalous activity.
6. Business Continuity and Backups
- Client and operational data is backed up on a regular schedule, with backups encrypted and stored separately from primary systems.
- Disaster recovery procedures are documented and periodically tested.
7. Incident Response and Breach Notification
- Predixion AI maintains a documented incident response process covering detection, containment, investigation, and notification.
- Where a security incident affects a client's data, Predixion AI will notify the affected client without undue delay, consistent with the notification timeline agreed in the applicable Data Processing Agreement, to support the client's own regulatory notification obligations.
8. Vendor and Sub-processor Security
- Predixion AI evaluates the security practices of sub-processors (including speech, hosting, and infrastructure providers) before engagement, and requires contractual data protection and security commitments.
- A current list of sub-processors is available in Predixion AI's published Sub-processor List.
9. Employee Practices
- Personnel with access to client data are bound by confidentiality obligations as a condition of employment or engagement.
- Security awareness training is provided to relevant personnel and refreshed periodically.
10. Certifications and Compliance Roadmap
Predixion AI has implemented security and compliance practices in connection with its enterprise BFSI client engagements, including governance and control documentation aligned with recognized frameworks. We are currently working toward SOC 2 and ISO/IEC 27001 certification. We are happy to complete client security questionnaires and share additional detail under NDA.
11. Contact
For security-related inquiries, please contact:
Email: legal@predixion.ai