Security & Data Protection
Your users trust you with their financial documents. We built Lekhā so you never have to compromise that trust.
How documents flow
Documents exist in memory only for the duration of the API call. Once the structured JSON response is sent, the original document is gone. No filesystem writes, no database storage, no temporary files.
Zero data retention
- ✓ Documents are never written to disk or stored in any database
- ✓ No document content appears in application logs
- ✓ Processing happens entirely in memory — request-scoped, garbage collected after response
- ✓ We log only metadata: API key ID, document type, processing time, success/failure status
DPDP Act compliance
India's Digital Personal Data Protection Act 2023 establishes obligations for entities that process personal data. Lekhā's zero-retention architecture means most DPDP obligations don't apply:
No data fiduciary obligations
We don't determine the purpose of personal data processing — your application does. We're a processor that discards data immediately.
No consent management needed
Since we don't retain personal data, there's no stored data to manage consent for. Your application handles consent with your users directly.
Cross-border data transfer — plan-dependent
Pro and Scale plans use Anthropic (Claude) — data processed on US servers with zero retention. Free plan routes through OpenRouter to open-source models (e.g. Qwen) which may be hosted on third-party infrastructure outside India. For full data sovereignty, use a paid plan or deploy on-prem with Docker.
Right to erasure — automatic
There's nothing to erase. Documents are gone the moment the API response is sent. No deletion requests needed.
AI provider data routing
Lekhā uses different AI providers depending on your plan. Each has different data handling characteristics:
| Plan | AI Provider | Data Location | DPDP Status |
|---|---|---|---|
| Pro / Scale / Enterprise | Anthropic (Claude Sonnet 4) | US — Anthropic infrastructure | Zero retention, clear data policy |
| Free | OpenRouter → Qwen2.5-VL-72B | US (OpenRouter) → third-party hosting | Review OpenRouter's data policy |
| On-Prem (Docker) | Ollama (self-hosted) or your Anthropic key | Your infrastructure | Full data sovereignty |
Important: If you process documents containing PII (PAN numbers, bank account details, salary information) under the DPDP Act, we recommend using a paid plan (Anthropic) or on-prem deployment. The free plan routes data through third-party infrastructure where data residency cannot be guaranteed.
PII handling
Extraction outputs may contain PII — names, account numbers, PAN numbers, tax details. This data is returned directly to the API caller in the JSON response. Lekhā does not store, index, search, or process PII beyond the scope of the extraction request. PII handling and storage are the responsibility of the calling application.
Infrastructure security
- ✓ HTTPS everywhere — all API traffic encrypted in transit via TLS 1.3
- ✓ API key authentication — keys are hashed, never stored in plaintext
- ✓ Rate limiting per API key — prevents abuse and runaway costs
- ✓ Request isolation — each extraction runs in its own scope with no shared state
- ✓ 10 MB max request body — prevents resource exhaustion attacks
On-prem deployment
For regulated industries — banking, insurance, government — deploy Lekhā on your own infrastructure. Documents never leave your network.
Bring your own Anthropic API key and PostgreSQL. Full data sovereignty with zero cloud dependency.
Lekhā vs ChatGPT / Claude Web
When developers send financial documents to general-purpose AI chatbots, here's what happens to the data:
| | Lekhā | ChatGPT / Claude Web |
|---|---|---|
| Document storage | None | Stored in conversation history |
| Training on your data | Never | May be used for training |
| PII logging | None | Logged in conversations |
| Data retention | 0 seconds | 30 days+ |
| On-prem deployment | Yes — Docker | No |
| DPDP Act compliant | Yes (paid/on-prem) | Varies |