← Trust Center

TRUST · DATA HANDLING

KAVACH data handling and privacy

What KAVACH processes, where it lives, and what stays inside the customer-defined boundary. This page is about workspace data handling; for website-level privacy obligations, see the Privacy Policy.

PRINCIPLES

Four principles that shape data handling

  • Customer-defined boundary

    Every deployment model is designed around the principle that sensitive vehicle-architecture and cybersecurity programme data stays inside the customer-defined boundary.

  • No training on customer data

    KAVACH is not designed to train models on customer architecture, TARA outputs, or other programme data. Use of customer data for any secondary purpose, including model training, requires an explicit written agreement.

  • Customer-initiated export

    Exports — PDF, DOCX, structured work-product formats — are driven by the customer's engineering team. Agnile does not automatically retrieve customer artefacts from a deployed workspace.

  • Single-tenant separation

    Customer-dedicated VPC deployments are scoped to one customer. KAVACH is not designed to share programme data across customer-dedicated deployments.

DATA CATEGORIES

What KAVACH may process

The exact data flowing through KAVACH depends on the programme scope. The four categories below cover the common cases.

CATEGORY 01

Architecture and design inputs

Examples
Vehicle architecture descriptions, ECU lists, network topologies, signal flows, AUTOSAR ARXML files, trust boundaries, interface descriptions, and any architectural artefacts engineers supply to KAVACH.
Boundary
Designed to stay inside the customer-defined boundary. The customer-controlled desktop, on-premise model, and customer-dedicated EU VPC all retain architecture inputs inside the customer's deployment.

CATEGORY 02

TARA artefacts

Examples
Damage scenarios, threat scenarios, attack paths, attack feasibility ratings, risk determinations, risk-treatment decisions, security goals, and cybersecurity controls.
Boundary
Designed to stay inside the customer-defined boundary. TARA records are not transmitted to Agnile or any third party unless the customer explicitly exports or shares them.

CATEGORY 03

Cybersecurity work products

Examples
Cybersecurity Plan, Cybersecurity Case fragments, Cybersecurity Interface Agreement drafts, validation evidence, and other ISO/SAE 21434 work-product artefacts.
Boundary
Designed to stay inside the customer-defined boundary. Export workflows (PDF, DOCX, structured formats) are customer-initiated.

CATEGORY 04

Operational metadata and logs

Examples
User activity for review-trail purposes, workspace configuration, system performance metrics, and error/exception telemetry.
Boundary
In customer-controlled and on-premise deployments, this stays on customer infrastructure. In the customer-dedicated EU VPC option, operational metadata is retained inside the customer's VPC under the engagement's data-handling terms.

LEGAL REFERENCE

Website-level privacy policy

The website-level privacy policy covers data Agnile collects through agnile.com — contact forms, demo requests, careers submissions, and hosting logs. It is a separate document from this Trust Center page and is the canonical reference for those website-level obligations. Read it at /privacy.

FAQ

Data handling FAQ

Data-handling review on KAVACH? Bring the constraints.

Procurement and data-protection reviewers routinely walk through KAVACH data flows, boundaries, and customer-controlled options in a working session — under NDA where needed.