AI & Governance
How ReraDesk stays compliant
Our AI model validation, human oversight design, data residency controls, and DPDPA 2023 governance framework, explained in plain language for developers, CAs, and enterprise buyers.
Published: 1 April 2026 · Reviewed quarterly · Contact: privacy@reradesk.in
India Data Residency
All data stored in AWS Mumbai. Nothing leaves India.
Human-in-the-Loop
Zero auto-submission. CA certifies every QPR.
Explainable AI
Every extracted field cites its source document and line.
DPDPA 2023
We are a Data Processor. Your org is the Fiduciary.
DPDPA 2023: our role and yours
Digital Personal Data Protection Act 2023 · Rules notified November 2025
The most important thing to understand: Under DPDPA 2023, ReraDesk is a Data Processor; we process data on your documented instructions. Your organisation (developer, CA firm, or lender) is the Data Fiduciary: you determine the purpose and bear primary regulatory liability (up to ₹250 Crore). This distinction is non-shiftable under §10 DPDPA 2023.
What your organisation must do (Data Fiduciary)
- Determine why personal data is processed
- Obtain and manage buyer consents
- Respond to data principal rights requests
- Report breaches to the Data Protection Board
- Maintain a data map of all processing activities
YOUR responsibility
What ReraDesk does (Data Processor)
- Process data only per your instructions
- Maintain AES-256 encryption and access controls
- Notify you of breaches within 72 hours
- Delete data per your retention instructions
- Never use your data for our commercial purposes
ReraDesk responsibility
ReraDesk's DPDP Consent Manager (available in-app) provides tools to help your organisation manage buyer opt-ins, generate data maps, and draft breach notifications, but the legal obligation to act on these remains with your organisation as Data Fiduciary.
AI model design: how extraction works
Every AI suggestion is traceable, auditable, and requires human confirmation
Step 1: Document ingestion
You upload bank statements, cost certificates, architect reports, or QPR drafts. Files are encrypted at rest immediately on receipt (AES-256). They do not leave India at any point in this pipeline.
AWS Mumbai · Encrypted in transit (TLS 1.3) and at rest (AES-256)
Step 2: AI extraction (Amazon Bedrock, Mumbai)
Amazon Bedrock models extract QPR field values: financial progress, physical completion, unit sales, escrow balances. Bedrock is invoked in the ap-south-1 (Mumbai) region. Your documents are not used to train Bedrock's base models.
Amazon Bedrock AgentCore · Mumbai region · No model training on your data
Step 3: Source traceability
Every extracted value is tagged with: the source document name, the specific page and line it was found on, a confidence score (High / Medium / Low), and the exact text snippet it was extracted from. Users can click any value in the QPR wizard to see its source.
Explainable AI · Full source citation per field · Confidence scoring
Step 4: Human review (mandatory)
The QPR wizard requires the authorised user to review every extracted field. Low-confidence fields are flagged for explicit confirmation. No field proceeds to the submission step without user review.
Human-in-the-loop · Mandatory review · Cannot be bypassed
Step 5: CA certification (gate)
A hard gate requires the Chartered Accountant to enter their full name, ICAI Membership Number, and firm name, then check a certification checkbox, affirming professional liability under the ICAI Code of Ethics and RERA 2016. The submission button is disabled until both the promoter declaration and CA certification are complete.
DSC certification required · Promoter declaration required · No auto-submit
Step 6: Audit trail locked
On submission, a SHA-256 timestamped audit trail is created: which user filed, which CA certified, what fields were extracted vs manually entered, and what documents were cited. This trail is immutable and available for court proceedings or RERA authority inspection.
SHA-256 timestamp · Immutable · Court-admissible under §65B Evidence Act
Data residency and infrastructure
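Steps 3 to 6 above describe a pipeline: provenance attached to each extracted value, a mandatory review, a certification gate, and a sealed audit record. The following Python is an added illustration of that flow, not ReraDesk's own code; the record layout, the function names, the placeholder ICAI number and every sample value are constructed assumptions.

```python
"""Illustrative model of Steps 3 to 6 of the QPR pipeline described above.

This is an added example, not ReraDesk's own code. The record layout, the
function names, the placeholder ICAI number and every sample value are
constructed assumptions.
"""
import hashlib
import json
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class ExtractedField:
    """One QPR value with the provenance Step 3 attaches to it."""
    name: str
    value: str
    source_doc: str      # empty for manually entered values
    page: int
    line: int
    confidence: str      # "High" | "Medium" | "Low" | "Manual"
    snippet: str
    reviewed: bool = False   # True only after a human confirmed it (Step 4)
    manual: bool = False     # True when the user typed the value themselves


@dataclass(frozen=True)
class Certification:
    """The Step 5 gate inputs: promoter declaration plus CA certification."""
    promoter_declared: bool
    ca_name: str
    icai_membership_no: str
    ca_firm: str
    ca_certified: bool


def submission_blockers(fields, cert):
    """Reasons the submit button must stay disabled (Steps 4 and 5); empty means open."""
    blockers = []
    unreviewed = [f.name for f in fields if not f.reviewed]
    if unreviewed:
        blockers.append("unreviewed fields: " + ", ".join(unreviewed))
    if not cert.promoter_declared:
        blockers.append("promoter declaration not checked")
    if not (cert.ca_name.strip() and cert.icai_membership_no.strip() and cert.ca_firm.strip()):
        blockers.append("CA name, ICAI membership number and firm are all required")
    if not cert.ca_certified:
        blockers.append("CA certification checkbox not ticked")
    return blockers


def _canonical(record):
    # Sorted keys and no insignificant whitespace: the same facts always hash the same way.
    return json.dumps(record, sort_keys=True, separators=(",", ":"), ensure_ascii=False)


def build_audit_trail(filed_by, fields, cert, submitted_at):
    """Step 6: assemble the audit record and seal it with a SHA-256 digest."""
    blockers = submission_blockers(fields, cert)
    if blockers:
        raise ValueError("submission gate not satisfied: " + "; ".join(blockers))
    record = {
        "filed_by": filed_by,
        "certified_by": {"name": cert.ca_name, "icai_membership_no": cert.icai_membership_no,
                         "firm": cert.ca_firm},
        "submitted_at": submitted_at,                       # ISO 8601 string
        "extracted_fields": [asdict(f) for f in fields if not f.manual],
        "manual_fields": [asdict(f) for f in fields if f.manual],
        "documents_cited": sorted({f.source_doc for f in fields if not f.manual}),
    }
    return {"record": record, "sha256": hashlib.sha256(_canonical(record).encode("utf-8")).hexdigest()}


def verify_audit_trail(trail):
    """Recompute the digest; any edit to the record after sealing makes this False."""
    return hashlib.sha256(_canonical(trail["record"]).encode("utf-8")).hexdigest() == trail["sha256"]


# Constructed sample filing, not real project data.
SAMPLE_FIELDS = [
    ExtractedField("financial_progress_pct", "62.5", "cost-certificate-q3.pdf", 2, 14, "High",
                   "Cost incurred to date: 62.5% of estimate", reviewed=True),
    ExtractedField("escrow_balance_inr", "1,25,00,000", "bank-statement-q3.pdf", 5, 3, "Low",
                   "Closing balance 1,25,00,000.00", reviewed=True),
    ExtractedField("units_sold", "48", "", 0, 0, "Manual", "", reviewed=True, manual=True),
]
SAMPLE_CERT = Certification(True, "A. Sharma", "ICAI-PLACEHOLDER", "Sharma & Associates", True)


def seal_sample_filing():
    """Run the sample through the gate and return the sealed trail."""
    return build_audit_trail("promoter@example.in", SAMPLE_FIELDS, SAMPLE_CERT,
                             "2026-04-01T10:00:00+05:30")


if __name__ == "__main__":
    trail = seal_sample_filing()
    print("sealed:", trail["sha256"])
    trail["record"]["extracted_fields"][0]["value"] = "72.5"   # simulate a later edit
    print("still verifies after tampering?", verify_audit_trail(trail))   # False
```

Two design points matter for the "immutable" claim. The digest is computed over a canonical serialisation, so a reordering of keys or a whitespace change does not produce a spurious mismatch, while any change to a value does. A digest alone only proves integrity if it is kept somewhere the record's author cannot rewrite (an append-only log, or a copy handed to the certifying CA); otherwise a tampered record can simply be re-sealed.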
All ReraDesk data remains in India at all times
| Component | Provider | Location | Status |
|---|---|---|---|
| Application hosting | Cloudflare Pages | Global CDN (static assets only; no personal data) | Live |
| Database (project data, filings) | Supabase (PostgreSQL) | Mumbai (ap-south-1) · Row-Level Security enabled | Live |
| Document storage | AWS S3 | Mumbai (ap-south-1) · AES-256 SSE | Live |
| AI extraction | Amazon Bedrock | Mumbai (ap-south-1) · No cross-region data transfer | Live |
| Authentication | Supabase Auth | Mumbai · Passwords bcrypt-hashed | Live |
| Payment processing | Razorpay | India · PCI-DSS compliant · No card data stored by ReraDesk | Planned |
| Product analytics | PostHog | EU Cloud (anonymised, no personal data) · Opt-out available | Planned |
Access control and security
Who can see your data, and under what conditions
Organisation-level isolation
Supabase Row-Level Security (RLS) ensures each organisation can only query its own data. No cross-tenant data access is possible at the database level; this is enforced by the database itself, not just application code.
ReraDesk staff access
No ReraDesk employee can access your project data without a documented, time-limited authorisation. All staff access is audit-logged. Access is limited to support engineers with a valid support ticket open.
DSC and private keys
ReraDesk never receives, stores, or transmits your DSC private key. Digital signature operations use your local browser extension or USB token. The private key never leaves your device.
Breach response
In case of a confirmed breach, affected organisations are notified within 72 hours. Notification includes: what data was affected, likely impact, steps taken, and recommended actions for your organisation.
Human oversight: the non-negotiable design principle
ReraDesk is a decision-support system, not an autonomous compliance engine
Our position on AI autonomy in compliance: RERA compliance has real legal and financial consequences for promoters and their CAs. ReraDesk is designed as a Human-in-the-Loop (HITL) system at every step that matters. AI extracts and suggests; humans review, certify, and decide. This is not a limitation; it is deliberate governance design.
Specific HITL checkpoints built into the platform:
- QPR wizard: Cannot proceed past Step 6 without promoter declaration checkbox + CA name, ICAI number, and certification checkbox
- GST-ITC reconciliation: IMS invoice Accept/Reject actions are manual; there is no auto-accept
- Form-7 Tally reconciler: CA certification button is disabled while any variance is unresolved
- 3-Account compliance score: Displayed as an analytical indicator with visible methodology, not a compliance certificate
- CIRP risk scores: Displayed with full methodology disclosure, not a legal insolvency opinion
- QR Embedder: Generates compliant QR codes, but uploading to promotional material is done by the user, not automated
The phrase "ReraDesk suggests · CA decides · RERA authority rules" is displayed prominently in the CA Co-Pilot dashboard as a permanent reminder of this hierarchy.
AI model validation and accuracy
How we measure and report extraction accuracy
ReraDesk uses Amazon Bedrock foundation models for document extraction. Our approach to model governance:
- Confidence scoring: Every extracted field is tagged High / Medium / Low confidence based on model certainty. Low-confidence fields are flagged for mandatory user review.
- Source citation: Every extraction cites its source document, page, and line, enabling human auditors to verify independently
- No black-box outputs: ReraDesk does not display scores or recommendations without showing the underlying data and methodology
- Accuracy tracking: We track extraction accuracy across pilot filings. Current benchmark: 99%+ field-level accuracy on structured documents (banker's certificates, architect completion certificates). Accuracy is lower on unstructured narrative documents; these are flagged for manual review.
- Bias monitoring: We monitor for systematic extraction errors across states, document types, and languages. Known limitations: Hindi-language documents currently extract at lower accuracy and are flagged for review automatically.
- No training on your data: Amazon Bedrock's model usage agreement prohibits use of API inputs for model training. Your documents do not improve the base models.
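To make the accuracy-tracking and bias-monitoring bullets concrete, here is an added Python example. It is not ReraDesk's own measurement code; the row layout, the 0.90 threshold, the minimum-sample rule and the sample outcomes are constructed assumptions. It computes field-level accuracy per document type, per language and per confidence label, and flags the strata that fall below the threshold:

```python
"""Field-level accuracy tracking and bias monitoring across document strata.

Added example, not ReraDesk's own measurement code. The row layout, the
thresholds and the sample outcomes are constructed assumptions.
"""
from collections import defaultdict

# One row per extracted field from a pilot filing, recorded after CA review:
# (document_type, language, confidence, ai_value, value_certified_by_ca).
# Constructed sample data, not real pilot results.
SAMPLE_OUTCOMES = [
    ("bankers_certificate", "en", "High", "62.5", "62.5"),
    ("bankers_certificate", "en", "High", "1,25,00,000", "1,25,00,000"),
    ("bankers_certificate", "en", "High", "48", "48"),
    ("bankers_certificate", "en", "High", "2026-03-31", "2026-03-31"),
    ("bankers_certificate", "en", "High", "12,40,00,000", "12,40,00,000"),
    ("bankers_certificate", "en", "High", "Phase II", "Phase II"),
    ("architect_certificate", "en", "High", "71", "71"),
    ("architect_certificate", "en", "High", "Tower A", "Tower A"),
    ("architect_certificate", "en", "High", "B3", "B3"),
    ("architect_certificate", "en", "High", "14/20", "14/20"),
    ("architect_certificate", "en", "High", "RCC complete", "RCC complete"),
    ("bank_statement", "hi", "Medium", "3,10,000", "3,10,000"),
    ("bank_statement", "hi", "Medium", "9,80,500", "9,80,500"),
    ("bank_statement", "hi", "Medium", "2026-03-28", "2026-03-28"),
    ("bank_statement", "hi", "Low", "7,50,000", "75,000"),        # digit dropped
    ("bank_statement", "hi", "Low", "2026-03-01", "2026-01-03"),  # day/month swapped
    ("narrative_report", "en", "Low", "42", "42"),
    ("narrative_report", "en", "Low", "Phase 3", "Phase 2"),
]

ACCURACY_THRESHOLD = 0.90   # assumption: strata below this are flagged for manual review
MIN_SAMPLES = 5             # assumption: do not judge a stratum on fewer rows than this


def by_document_type(row):
    return row[0]


def by_language(row):
    return row[1]


def by_confidence(row):
    return row[2]


def field_accuracy(outcomes, key):
    """Group rows by key(row); return {stratum: (correct, total, accuracy)}."""
    counts = defaultdict(lambda: [0, 0])
    for row in outcomes:
        stratum = key(row)
        counts[stratum][1] += 1
        if row[3] == row[4]:          # AI value matched what the CA certified
            counts[stratum][0] += 1
    return {s: (c, n, c / n) for s, (c, n) in counts.items()}


def flag_strata(outcomes, key, threshold=ACCURACY_THRESHOLD, min_samples=MIN_SAMPLES):
    """Strata with enough samples whose accuracy is below threshold, sorted by name."""
    return sorted(s for s, (_, n, acc) in field_accuracy(outcomes, key).items()
                  if n >= min_samples and acc < threshold)


def monitoring_report(outcomes):
    """The three cuts a reviewer would check: document type, language, confidence calibration."""
    return {
        "flagged_document_types": flag_strata(outcomes, by_document_type),
        "flagged_languages": flag_strata(outcomes, by_language),
        "accuracy_by_confidence": field_accuracy(outcomes, by_confidence),
    }


if __name__ == "__main__":
    report = monitoring_report(SAMPLE_OUTCOMES)
    print("flagged document types:", report["flagged_document_types"])   # ['bank_statement']
    print("flagged languages:", report["flagged_languages"])             # ['hi']
    for label, (c, n, acc) in report["accuracy_by_confidence"].items():
        print(f"{label:>6}: {c}/{n} = {acc:.0%}")
```

The confidence cut is a calibration check: if Low-confidence fields turned out to be as accurate as High-confidence ones, the label would carry no information and the mandatory review it triggers would be doing no work. The minimum-sample rule stops a single bad narrative document from flagging a whole stratum before there is enough evidence to act on.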
Accuracy disclaimer: "99%+ submission success in beta" refers to tracked outcomes across pilot filings where extraction was reviewed and certified by a CA. Individual results vary by document quality, RERA portal uptime, and state-specific requirements. This is not a guarantee of acceptance by any RERA authority.
Regulatory language: what we say and what we don't
Precise framing to avoid misleading claims
| We say | We don't say | Why |
|---|---|---|
| "Built for MahaRERA Order 46C compliance" | "MahaRERA certified" or "MahaRERA approved" | We have not received official certification from MahaRERA |
| "Designed for TNRERA 100/70/30 mandate" | "TNRERA authorised tool" | We are a private platform, not a government-authorised system |
| "CREDAI BuildSmart innovation applicant" | "CREDAI certified" or "CREDAI endorsed" | CREDAI is a trust mark; it is not a regulatory clearance |
| "Analytical decision-support tool" | "Compliance guarantee" or "Zero penalty guarantee" | No tool can guarantee regulatory outcomes |
| "99%+ accuracy benchmarked in beta" | "100% success rate" | ASCI guidelines require qualified performance claims |
Questions about governance?
We welcome conversations with enterprise buyers, CA firms, regulators, and researchers about our AI governance practices. We are also open to sandbox pilot conversations with state RERA authorities.