Data Sovereignty

Your sensitive data never has to leave your environment.

Workswarm is the only chat native agent platform built so your Tally file on a single PC, your hospital EHR, your bank core, your law firm vault, and your CA's GST workings stay exactly where they are. We come to your data, not the other way around.

See the architectureTalk to trust team
5
Regulated environments we work with out of the box
0
Raw records that leave your network without consent
mTLS
Three layer encryption from your device to ours
1 click
Disconnect the tunnel and Workswarm stops seeing anything
Five real situations

Pick the one that looks like your business

Each tab below opens a working architecture. Animated dots show what actually moves where. Designed so any official, not just engineers, can follow along.

Use case 1

Tally Prime on a local Windows PC

Single user accountant in an Indian SMB

Accountant's DeskWindows PC at the SMB officeTally PrimeCompany.tdl on C: drivebooks, ledgers, GSTINWorkswarm Desktop HelperReads Tally locally via XML APISame machine. No data copied out.On Device PII StripperRemoves names, GSTINs, amounts before anything leavesMCP Tunnel AgentOutbound only. mTLS. No incoming ports opened on the PC.Only sends the question, not the books.DATA NEVER LEAVES THIS BOXENCRYPTED TUNNEL (mTLS)Carries question and result onlyWorkswarm CloudMulti tenant. Encrypted per tenant.WorkstreamOrchestratorTally SLMKnows Tally schema andIndian GST formatsPer tenant LoRA adapterAction TemplatesFollowup drafts, reconworkings, GST returnsAudit LogRecords every question and result. No book data.Available to the SMB owner for review any time.NO FRONTIER

Never leaves your side

  • The full Tally Company.tdl file with all books
  • Party names, GSTINs, ledger balances, lines
  • Bank account numbers and payment instructions
  • Anything not explicitly approved to share

Crosses, encrypted

  • A short question (for example "list invoices older than 60 days")
  • Anonymized aggregates (totals, counts, ageing buckets)
  • The reply Workswarm computed (a draft email, a recon entry)

What Workswarm does

  • Decides which workflow to run
  • Drafts the message in the company's brand voice
  • Returns a result the helper writes back into Tally
  • Stores audit trail of questions only
OK
Compliance picture. Tally data stays on the device per existing IT policy. DPDP Act 2023 is satisfied because no personal data is exported off the device without explicit consent on every action. Disconnect the tunnel any time and Tally keeps working normally.
Your environmentEncrypted tunnelWorkswarm orchestrationRestricted zone
Deployment ladder

Five tiers. Each one tighter than the last.

Most teams start on Cloud and move up as compliance asks grow. The ladder lets you pick exactly the boundary you need without changing tools or retraining your team.

Tier 1

Cloud

Multi tenant. Standard for SMB. SLM inference in our India region pools. Default.

SMB and self serve

Tier 2

Cloud plus Tunnel

Pro and mid market. Tunnels for your internal systems. Same multi tenant inference.

Mid market

Tier 3 (popular)

Enterprise BYOK

Your KMS keys. Tunnels mandatory. Per tenant brand voice and tool picker adapters.

Enterprise (popular)

Tier 4

Enterprise Plus HYOK

You host the SLM in your VPC. Tunnels for tools and for model inference.

Highly regulated

Tier 5

On Prem

Full stack in your environment. Only the control plane talks back. For regulated buyers.

Government, defense, large bank

Compliance matrix

Which regulations each architecture satisfies

Pick the row that matches your environment. Every checked cell is an enforceable invariant in the architecture, not a marketing claim.

ArchitectureDPDP Act 2023ISO 27001SOC 2HIPAA PrivacyHIPAA SecurityRBI LocalizationPCI DSSCERT InAttorney Client PrivilegeGDPR ProcessorBar Council RulesGST RulesIT Act 2000India Residency
Tally Prime

Local desktop only

Healthcare

Patient data and PHI

BFSI

Banks and lenders

Legal

Contracts and deals

GST and Tax

India residency

Checked cells indicate the architecture is designed to satisfy the regulation by data flow, not by paperwork alone. For audited certifications and standing reports, see the Trust Center.

Mapped to your industry

Twenty two industries, five architectures

Every industry page on workswarm.ai shows the architecture variant that matches it. Browse below or visit your industry page directly.

🏢Commercial Real Estate
Tally PrimeLegal
🛍️D2C E-commerce
Tally PrimeGST and Tax
💻B2B SaaS
LegalTally Prime
Quick Commerce
Tally PrimeBFSI
🏦Fintech
BFSIGST and Tax
📢Marketing Agencies
LegalTally Prime
🎓EdTech
Tally PrimeLegal
💊Pharma & Life Sciences
HealthcareLegal
🏥Healthcare
Healthcare
🏥Healthcare D2C
HealthcareTally Prime
🚚Logistics & Supply Chain
Tally PrimeBFSI
🏭Manufacturing
Tally PrimeLegal
🛡️Insurance
BFSILegal
✈️Travel & Tourism
Tally PrimeBFSI
🏠Residential Real Estate
Tally PrimeLegal
🏨Hospitality & Hotels
Tally PrimeGST and Tax
🧘Wellness & Fitness
HealthcareTally Prime
🌾Agritech
Tally PrimeGST and Tax
🤝Professional Services
LegalGST and Tax
🔬Diagnostics & Pathology
Healthcare
📦Subscription Commerce
Tally PrimeBFSI
Frequently asked

Six questions a compliance officer always asks

Click any question to expand. If yours is not here, write to trust@workswarm.ai.

Where exactly is my data right now?+

On your machine, your network, or your data centre. The diagrams above show every place Workswarm reaches in. We do not copy raw data to our side. The audit log on our side records the question and the result, not the underlying records.

Can your team see my files?+

No. Inner TLS at the tunnel proxy terminates with a certificate that only you hold. Cloudflare (the transport network) cannot read payloads. Our staff sees only metadata logs and only with documented support tickets. You can audit every staff access in the trust dashboard.

What happens if I cut the tunnel?+

Workswarm immediately loses access to your private tools. Your books, EHR, core banking, DMS all keep working normally. There is no dependency on us to run your business. Reconnect any time and pick up where you left off.

Who holds the encryption keys?+

For BYOK and above, you do. Your KMS, your rotation policy, your audit. Workswarm has no key escrow. If you revoke the key, our copy of the encrypted adapter becomes unusable that minute.

Is this audited?+

Yes. ISO 27001 controls are in place. SOC 2 Type I audit is in progress. Every tunneled call can be cryptographically signed by your side so an auditor (RBI, hospital compliance, bar council) can verify the trail without trusting us.

How do I delete everything?+

One API call. We cascade delete your adapters, your audit log, your workspace, and any cached metadata. S3 objects are purged within 24 hours. We return a signed deletion receipt.

Want the data flow diagram for your exact stack?

Tell us your environment (Tally version, EHR vendor, core banking platform, DMS, or anything else) and we will send back a custom diagram showing where each byte lives. No call required.

Request my diagramSee the security model
Accountant's DeskWindows PC at the SMB officeTally PrimeCompany.tdl on C: drivebooks, ledgers, GSTINWorkswarm Desktop HelperReads Tally locally via XML APISame machine. No data copied out.On Device PII StripperRemoves names, GSTINs, amounts before anything leavesMCP Tunnel AgentOutbound only. mTLS. No incoming ports opened on the PC.Only sends the question, not the books.DATA NEVER LEAVES THIS BOXENCRYPTED TUNNEL (mTLS)Carries question and result onlyWorkswarm CloudMulti tenant. Encrypted per tenant.WorkstreamOrchestratorTally SLMKnows Tally schema andIndian GST formatsPer tenant LoRA adapterAction TemplatesFollowup drafts, reconworkings, GST returnsAudit LogRecords every question and result. No book data.Available to the SMB owner for review any time.NO FRONTIER