Security & Compliance

iDharma is built to support secure, compliant, and ethical AI transformation at scale.

Our infrastructure, workflows, and partner requirements are designed to meet the expectations of modern enterprises operating under strict privacy, regulatory, and data security standards.


Platform-Wide Security Principles

  • Zero-Trust Architecture – Every user session is scoped and verified, with tiered access controls.
  • End-to-End Encryption – All project data, documentation, and messaging are encrypted in transit and at rest.
  • Scoped Data Access – Only assigned project participants can view scoped deliverables or contract details.
  • Audit Logging – Every platform interaction (proposal, milestone, payment) is logged with immutable records.
  • No Data Resale or Mining – iDharma does not access, mine, or resell client or consultant data for any purpose.

Regulatory Alignment

We align our governance and system design with major global compliance frameworks, including:

Framework            Applicability
GDPR (EU)            User data rights, retention policies, consent-driven workflows
ISO/IEC 27001        Platform security posture, infrastructure controls, audit protocols
SOC 2 (Type II)      Internal control readiness for enterprise clients (in process)
NIST AI RMF          AI risk management principles, bias minimization, explainability
OECD AI Principles   Human-centered design, transparency, accountability

iDharma works with legal and compliance experts across key jurisdictions to adapt as regulatory landscapes evolve.


Data Protection Practices

  • Role-based access permissions for enterprise teams
  • 2FA required for all verified consultants, vendors, and buyers
  • Client deliverables stored only during active projects unless otherwise authorized
  • Platform-only messaging and file transfer to avoid external risk vectors
  • Optional NDA and IP assignment templates available at project launch

Consultant & Vendor Requirements

All service providers and tool vendors must agree to:

  • Disclose how their tools collect, store, or process data
  • Avoid use of user-provided data in model retraining (unless explicitly permitted)
  • Uphold client confidentiality and platform IP protocols
  • Respond to data access or deletion requests within defined response windows
  • Use secure repositories and source tracking for shared deliverables

Non-compliance may result in suspension, delisting, or permanent removal from the platform.


Enterprise Controls

For mid-sized and enterprise accounts, iDharma supports:

  • Admin-level dashboards with scoped project permissions
  • Legal review of custom contracts and tool license terms
  • Custom retention periods and offboarding data deletion
  • Internal audit snapshots upon request
  • Secure procurement integrations (coming soon)

Trust by Infrastructure

  • Secure AWS-based hosting with geographic redundancy
  • Daily backups and encrypted key rotation
  • Internal staff access restricted by role, region, and project
  • All platform logic undergoes periodic penetration testing and static code audits


Security is not optional. Compliance is not retrofitted.

At iDharma, both are built in from day one.