Sikgen AI
Security & Privacy

Your institution's data is yours — and it stays that way

Sikgen AI is built from the ground up with per-tenant isolation, encrypted transmission, and modern authentication — so you can deploy with confidence.

Security Architecture

How we protect your data

Per-tenant data isolation

Every institution's data lives in a dedicated logical store. No cross-tenant data leakage is architecturally possible.

JWT authentication + HTTPS

All sessions are authenticated via JSON Web Tokens. All traffic is encrypted, with TLS 1.2+ enforced. Cookies are HttpOnly and SameSite=Strict.

Rate limiting & brute-force protection

All authentication endpoints are rate-limited. IP-based throttling prevents credential stuffing and brute-force attacks.

PostgreSQL with encrypted backups

Transactional PostgreSQL database with daily encrypted backups and point-in-time recovery. Data is retained per contractual terms.

.NET 10 hardened infrastructure

Built on the latest .NET runtime with security middleware, CORS policies, input sanitisation, and SQL injection prevention via parameterised queries.

OWASP Top 10 mitigations

Security controls mapped to OWASP Top 10: no eval(), parameterised DB queries, Content-Security-Policy headers, CSRF tokens on state-changing forms.

Compliance & Data Processing

For institutional customers operating under GDPR (EU/UK), India's Digital Personal Data Protection (DPDP) Act, or other data-protection regulations, we offer a Data Processing Agreement (DPA) as part of the Enterprise plan contract.

Student data is retained only as long as required by the contract. On termination, data is exported and deleted within 30 days per your written request.

AI processing (RAG queries, Whisper transcription) is performed server-side on your institution's data only. We do not use institution or student data to train general models.