Trust & Compliance
Security and regulatory compliance are foundational, not features. Pixabits meets the highest standards required by Indian regulators, global frameworks, and enterprise customers.
Full compliance with Telecom Regulatory Authority of India regulations. Native DLT integration for entity, header, and template registration. NCPR/DND scrubbing on every message.
Information Security Management System certification. Annual audits ensure continuous compliance with international security standards across all operations.
General Data Protection Regulation compliance for EU data subjects. Data processing agreements, right to erasure, data portability, and lawful basis documentation.
Full compliance with the Information Technology Act 2000 and its amendments, including the Digital Personal Data Protection Act 2023 and intermediary guidelines.
Payment Card Industry Data Security Standard Level 1 compliance. All payment processing through certified partners (Razorpay). No card data stored on Pixabits systems.
Service Organization Control 2 Type II attestation covering Security, Availability, and Confidentiality trust service criteria. Audit period covers 12 months of continuous controls.
TRAI mandates DLT registration for all commercial messaging in India. Here is how it works with Pixabits.
Register your business as a Principal Entity on an authorized DLT platform (Jio, Airtel, Vodafone Idea, or BSNL). You receive a unique Entity ID that identifies your organization across all operators.
Register all sender headers (e.g., PIXABT) that will appear as the sender name on recipient devices. Each header must be approved by the DLT platform before use. Pixabits validates headers against DLT records before sending.
Submit and get approval for every message template you plan to send. Templates define the fixed and variable parts of your messages. Pixabits automatically validates message content against registered templates before delivery.
Data Residency
All primary data — including message logs, delivery reports, customer records, and API call metadata — is stored in AWS Mumbai (ap-south-1) data centers within Indian borders. No personal data leaves India unless explicitly configured by you for international message routing. Backup and disaster recovery infrastructure is maintained in a secondary Indian region.
Download our compliance whitepaper or contact our security team for detailed assessments and vendor questionnaires.