Tetra runs against the following 18 controls. Each control is operating today on every customer deployment. Not aspirational, not roadmapped, not configurable down.
01
India data residency
All Tetra customer data is stored within India. No cross-border transfer of conversation content, files, or recordings. Hosted in Indian-operated data centres with documented physical and logical access controls.
02
Consent and purpose limitation
User data is collected only for stated purposes and processed only for those purposes. Consent is recorded at the platform level and exposed through the admin console for audit.
03
Right to access and deletion
User-level data access requests and deletion requests are handled within statutory timelines. Hard delete, not soft delete. Tenant administrators can initiate deletion for departing users.
04
DPDP-compliant by design
DPDP requirements are baked into the architecture and the data model, not retrofitted as a feature flag. Compliance is the default, not the checkbox.
05
End-to-end encryption
Every message, every file, every ICAN recording is end-to-end encrypted. Only the intended recipients can read. The architecture does not allow Tetra-side decryption.
06
Encryption in transit
TLS 1.3 for all client connections. No HTTP fallback. HSTS enforced. Inter-service communication within Tetra also TLS-encrypted.
07
Per-tenant key isolation
Encryption keys are scoped to the tenant. No customer can access another customer’s keys, conversations, or recordings. Key rotation policies enforced.
08
Zero data on edge devices
No conversation data persisted on phones, laptops, or tablets. Cloud-only persistence. A lost laptop, a stolen phone, or a compromised endpoint exposes no thread, no file, no recording.
09
Session-bound access
Access requires an active session. Session invalidation propagates immediately to all device clients on password change, admin revocation, or device sign-out.
10
No screenshot for private threads
Private threads display screenshot warnings on supported platforms. The platform makes confidential conversations harder to leak by accident.
11
SSO via SAML and OIDC
Enterprise SSO via SAML 2.0 and OIDC. Tetra integrates into your existing identity provider — Okta, Azure AD, Google Workspace, or any compliant IdP.
12
Two-factor authentication
2FA via authenticator apps available for non-SSO users. Required at first login from a new device. Tenant administrators can enforce 2FA across the workspace.
13
Role-based access control
Per-thread admin privileges. Per-workspace role assignments. Thread membership is the unit of access — not the workspace, not the channel.
14
Off-boarding workflows
Departing user access is revocable in seconds from the admin console. Their thread membership is removed; the threads themselves continue with the remaining members.
15
Comprehensive audit trail
Every user action, every thread modification, every ICAN recording, every admin operation is logged with timestamp, user, and IP. Audit logs are immutable and exportable in standard formats for SIEM ingestion.
16
Tenant-scoped admin console
Tenant administrators have full visibility into their workspace activity. No visibility across tenant boundaries. Admin actions are themselves audited.
17
Independent security reviews
Security architecture reviewed periodically by independent specialists. Findings remediated with documented timelines. Reports available under NDA for customer security reviews.
18
Backup and recovery
Customer data backed up to separate, encrypted, geographically distributed storage. Disaster recovery procedures tested periodically with documented RTO and RPO commitments.