Trust

Compliance is a feature, not a constraint.

We built Kapiital products to operate inside the Indian regulatory environment, comfortably. RBI DLG, the SRO regime, data localisation, scale-based regulation — these are protections for the borrower and the system.

Compliance

Where we stand on every framework that matters.

  • RBI Digital Lending Guidelines

    Disclosures, consent capture, audit trail. Compliant with the September 2022 framework and subsequent updates.

  • SRO regime under FACE

    Pre-built disclosures and reporting for Self-Regulatory Organisation obligations.

  • Data localisation

    Customer data hosted in India. AWS Mumbai (ap-south-1).

  • Scale-based regulation

    Pre-built reports for Base, Middle, Upper, and Top Layer NBFCs.

  • NBFC-MFI compliance

    Qualifying asset ratio reporting, household indebtedness checks.

  • Section 8 lenders

    Companies Act overlay built in.

  • SOC 2 Type 2

    In process for 2026.

  • ISO 27001

    In process for 2026.

Security

Architecture, not assertions.

The structure that backs the compliance posture. Detailed security documentation is shared with customers on request, under NDA.

  • Network isolation

    VPC isolation. WAF in front of all customer-facing endpoints.

  • Encryption

    In transit (TLS 1.2+). At rest (AES-256). Per-customer keys on single-tenant and enterprise plans.

  • Pen testing

    Quarterly third-party penetration testing. Reports shared on request under NDA.

  • Dependency hygiene

    Continuous dependency scanning. Critical CVEs patched within 48 hours.

  • Incident response

    Documented runbook. 24-hour customer notification on confirmed breach.

  • Disaster recovery

    Daily backups to a separate region. Point-in-time recovery for 30 days. Annual DR test.

Where the data lives

India-resident, by default.

Customer data is stored in AWS Mumbai (ap-south-1). It does not leave the region without explicit authorisation. We do not use customer data to train any model that is shared across customers.

Request the security pack →

Have a specific compliance question?

Email compliance@kapiital.com and we will reply within one working day.
