For enterprise · regulated categories

Compliance-first AI for brands that can’t afford to be wrong.

Regulated categories — pharma-adjacent wellness, beauty with allergen labels, food with regulatory packaging — cannot tolerate AI drift on a single frame. Drishti’s verification stack and append-only audit log are the answer. Ship imagery you can defend in a regulator’s inbox.

  • DPDP + GDPR aligned
  • 7-year append-only audit log
  • BYOK · AWS KMS envelope encryption
  • On-prem verifier option

Why enterprise picks Drishti

Generic AI tools optimise for ease of use. We optimise for evidence.

Four guarantees · written into the code

When the InfoSec team and procurement desk arrive at the demo, these are the four answers we lead with. Each is verifiable — in our architecture, in our database triggers, in our deployment topology.

Regulation

DPDP + GDPR aligned

Drishti maps cleanly to the Digital Personal Data Protection Act, 2023 and EU GDPR. Explicit purpose-bound consent at signup, Article 17 erasure cascade, Article 20 portability export, scoped audit retention, and a designated DPO role at the database level.

Evidence

Append-only audit log

audit_log refuses UPDATE and DELETE at the database trigger level. Engineers, admins, and the DBA cannot silently rewrite history. Seven-year retention, immutable at the row, exportable in JSON or CSV for compliance audits and litigation hold.

Cryptography

BYOK envelope encryption

Bring your own Gemini API key. The key never sits decrypted at rest. AES-256-GCM envelope encryption with the data key wrapped by your own AWS KMS CMK, unwrapped only inside the generation worker and discarded on completion. Rotation supported without re-encryption.

Deployment

On-prem verifier option

For SOC 2 / HIPAA-adjacent buyers, the eight-stage verification stack — Pixaris orchestration, DINOv2, SAM-2, PaddleOCR, ΔE-2000, the Gemini judge — can be deployed inside the customer’s own VPC. Generation can stay in the Drishti tenant or move on-prem too.

What Enterprise includes

Everything House offers, plus the six things procurement asks for.

In contrast to House · six differentiators

The Enterprise tier is the answer when your procurement desk has a questionnaire, your security team has a posture, and your legal team has a redlined DPA template. Each item below is delivered by default — not as an add-on.

Volume credits, custom pricing

No monthly ceiling. Per-mode credit cost held constant; total volume sized to your launch calendar. Annual contracts with locked rates for 1, 2, or 3 years.

SSO via Workspace / Okta / Azure AD

OIDC integration with Google Workspace, Okta, Azure AD, OneLogin, JumpCloud, or any custom IdP that speaks OIDC. SCIM provisioning de-provisions seats the moment HR offboards the employee.

SAML 2.0 + SCIM provisioning

Full SAML 2.0 for IdPs that prefer it. SCIM 2.0 push and pull for automated user lifecycle. Group-to-role mapping persisted on the workspace, audited on every change.

DPA + InfoSec questionnaire in 5 days

Data Processing Agreement, sub-processor list, vendor security questionnaire (CAIQ / SIG Lite / custom) returned within five business days of the procurement intake. No back-and-forth on standard clauses.

Quarterly fidelity audit + report

Every quarter our creative-quality team samples 100 randomly selected generations from your workspaces, runs them through an independent verifier, and ships a fidelity drift report — with thresholds and per-vault recommendations.

Dedicated CSM + Slack Connect

A named CSM at a 1:3 account ratio, staffed IST business hours, with a shared Slack Connect channel. Direct phone line for P0 escalation. Quarterly business review with creative output audit and ROI summary.

The compliance posture

Three things the procurement desk already knows to ask.

Pulled from /security · long-form there

Drishti operates as a designated Data Fiduciary under the Digital Personal Data Protection Act, 2023. Every workspace has a scoped consent log, a thirty-day right-to-erasure workflow, and a notified Data Protection Officer role enforced at the database. The audit log is immutable — BEFORE UPDATE/DELETE triggers raise an exception so nobody, not even the DBA, can rewrite history.
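
A minimal PostgreSQL sketch of the append-only pattern described here and in the "Append-only audit log" guarantee above. This is an added example, not Drishti's schema: only the table name audit_log and the prev/next JSONB snapshots come from the page; the other columns, the function and trigger names, and the app_writer role are assumptions.

```sql
-- Added example: every name except audit_log, prev and next is hypothetical.
CREATE TABLE audit_log (
    id           bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    workspace_id uuid        NOT NULL,
    actor        text        NOT NULL,
    action       text        NOT NULL,
    prev         jsonb,                 -- row state before the change
    next         jsonb,                 -- row state after the change
    occurred_at  timestamptz NOT NULL DEFAULT now()
);

-- One function rejects every mutation; TG_OP names the blocked operation.
CREATE FUNCTION audit_log_reject_mutation() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only: % rejected', TG_OP
        USING ERRCODE = 'insufficient_privilege';
END;
$$;

-- Row-level guard for UPDATE and DELETE.
CREATE TRIGGER audit_log_no_update_delete
    BEFORE UPDATE OR DELETE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION audit_log_reject_mutation();

-- TRUNCATE never fires row-level triggers, so it needs its own
-- statement-level guard.
CREATE TRIGGER audit_log_no_truncate
    BEFORE TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_reject_mutation();

-- The application role (hypothetical) may only append and read.
CREATE ROLE app_writer NOLOGIN;
REVOKE ALL ON audit_log FROM PUBLIC;
GRANT INSERT, SELECT ON audit_log TO app_writer;

-- Review check: both triggers should be listed with tgenabled = 'O';
-- 'D' means the trigger has been disabled.
SELECT tgname, tgenabled
FROM pg_trigger
WHERE tgrelid = 'audit_log'::regclass
  AND NOT tgisinternal;
```

In this sketch the table owner or a superuser can still run ALTER TABLE ... DISABLE TRIGGER, so a reviewer would also confirm who holds those privileges and that DDL on audit_log is itself logged.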

For the India–EU customer overlap, Article 20 portability ships your generations, brand vaults, and metadata as a structured ZIP within twenty-four hours. Article 17 erasure cascades through Cloudflare R2 and Postgres in a single transaction. Cookie and analytics consent matches EU expectations — no dark patterns, no pre-ticked boxes.

Every tenant table runs Postgres Row-Level Security with FORCE enabled, so cross-tenant queries are impossible by construction. The audit log keeps prev/next JSONB snapshots on every change, retained for seven years to satisfy Indian and EU financial-records statutes. Encrypted backups in ap-south-1, lifecycle-policied, key-rotated quarterly.
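
What Row-Level Security with FORCE looks like on one tenant table, with the two catalog checks a reviewer can run against it. This is an added example, not Drishti's schema: the brand_vaults table, the tenant_isolation policy, the app.tenant_id setting and the sample UUID are assumptions.

```sql
-- Added example: table, policy and setting names are hypothetical.
CREATE TABLE brand_vaults (
    id        uuid PRIMARY KEY DEFAULT gen_random_uuid(),
    tenant_id uuid NOT NULL,
    name      text NOT NULL
);

ALTER TABLE brand_vaults ENABLE ROW LEVEL SECURITY;
-- Without FORCE the table owner is exempt from its own policies.
ALTER TABLE brand_vaults FORCE ROW LEVEL SECURITY;

-- Rows are visible and writable only for the tenant bound to the session.
-- current_setting() raises an error when app.tenant_id is unset, so an
-- unbound connection fails closed instead of seeing every tenant.
CREATE POLICY tenant_isolation ON brand_vaults
    USING      (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

-- Per-transaction tenant binding (constructed sample tenant id).
BEGIN;
SELECT set_config('app.tenant_id',
                  '00000000-0000-0000-0000-000000000001', true);
INSERT INTO brand_vaults (tenant_id, name)
VALUES ('00000000-0000-0000-0000-000000000001', 'constructed sample');
SELECT count(*) FROM brand_vaults;   -- counts this tenant's rows only
COMMIT;

-- Review check 1: tables in the public schema missing ENABLE or FORCE.
-- An empty result is the expected outcome.
SELECT relname, relrowsecurity, relforcerowsecurity
FROM pg_class
WHERE relkind = 'r'
  AND relnamespace = 'public'::regnamespace
  AND NOT (relrowsecurity AND relforcerowsecurity);

-- Review check 2: roles that bypass RLS even when FORCE is set.
SELECT rolname
FROM pg_roles
WHERE rolsuper OR rolbypassrls;
```

Run the tenant-bound statements as an ordinary application role; a superuser or BYPASSRLS session skips the policy and will see all rows.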

DPDP-aligned
Data fiduciary register · DPO role · 30-day erasure
GDPR-ready
Article 17 + 20 cascade · EU sub-processor map
C2PA + IPTC
Signed manifest · AI disclosure on every frame

Not third-party certifications. Drishti-attested postures based on architecture and process. SOC 2 Type II audit underway — reach out if you need to see the scoping memo.

Industry fit

Why these categories, specifically.

Four categories · regulated by default

Each strip below explains why Drishti’s particular guarantees — the OCR gate, the audit log, the compliance overlay, the data-residency options — matter to that category in a way they would not to a generic D2C brand.

  • Category
    Listed beauty & wellness

    Public-company beauty and wellness brands ship hundreds of SKUs across multiple geographies, each with its own allergen, ingredient, and claim regulations. A wrong allergen pictogram on a generated pack is a recall event. Drishti’s OCR Levenshtein gate refuses to ship any frame where the label text drifts more than 0.5 from the source — it’s the only guarantee that scales.

  • Category
    Premium food + spice (regulatory)

    Indian food and spice brands face FSSAI logo, MRP, and country-of-origin requirements (Legal Metrology Rule 6(10A)) on every pack. The compliance overlay mode renders these blocks with verified placement and verified text before the verifier signs the frame. Festival catalogues — Diwali, Holi, Onam, Pongal, Eid, Christmas — carry locked palettes per region.

  • Category
    Luxury fashion & jewelry

    Luxury jewellery houses care about archive-fidelity and on-model diversity. The brand-trained Gemini overlay (₹4 lakh/yr per brand) fine-tunes on your archive — Mughal miniature on white, Art Deco gold gradients, Vermeer chiaroscuro — to a 95%+ fidelity baseline. On-model apparel mode renders India-default model diversity; one toggle for global.

  • Category
    Multi-region D2C (>3 markets)

    Brands shipping to more than three countries hit a data-residency wall. Drishti supports India-only, EU-only, or US-only options for generation, storage, and backups; multi-region tenants run a primary in ap-south-1 with sub-processor replication policies signed per region. DPA addenda per region available off the shelf.

  • Pharma-adjacent and HIPAA workloads — on-prem verifier required
  • Listed-company InfoSec reviews — 5-day SLA on questionnaires
  • Multi-region residency — India / EU / US, signed sub-processors per region

Enterprise pricing

Custom pricing. Predictable per-credit cost.

Annual-only · locked for 1–3 year terms
Drishti · Enterprise
For listed brands and regulated categories
Starting at
₹2,49,999
/ month · $2,990+ excl. tax
  • Volume credits · custom annual contract (1–3 year terms)
  • SSO via Google Workspace / Okta / Azure AD / any OIDC IdP
  • SAML 2.0 + SCIM provisioning · group-to-role mapping
  • BYOK envelope encryption · AWS KMS CMK, rotation supported
  • Append-only audit log · 7-year retention · CSV / JSON export
  • On-prem verifier deployment · customer VPC · same fidelity contract
  • DPA + InfoSec questionnaire returned in 5 business days
  • Dedicated CSM (1:3 ratio) · Slack Connect · QBR + fidelity audit
MSA · custom DPA · vendor questionnaires

When a wrong logo is unacceptable, generic AI isn’t.

Verified before ship, signed with C2PA, retained for seven years. That’s the contract enterprises sign with Drishti.