Trust & Security

Security at Setu

Last updated: 21 June 2026

We know you're trusting us with sensitive prompts and customer data. Here's how we protect it.

Encryption everywhere

All traffic is encrypted in transit with TLS. Sensitive data is encrypted at rest.

Hashed API keys

We store only SHA-256 hashes of API keys — the full key is shown to you once and never persisted.

Isolated tenancy

Every account and organization is logically isolated; data is scoped per tenant at the query layer.

Audit & monitoring

Usage and access are logged. We monitor for anomalous activity and abuse.

Least privilege

API keys can be scoped to specific products and rate-limited to reduce blast radius.

Data residency

Built in India with options for regional data handling for enterprise customers.

Compliance

We follow industry best practices and are progressing toward SOC 2. Enterprise customers can request a DPA and our security documentation.

Responsible disclosure

Found a vulnerability? Report it to security@dwet.ai. We appreciate coordinated disclosure and will respond promptly.