Compliance & verification
Trust by design,
not by promise.
Every supplier on Kypson clears a five-stage verification pipeline before they're routed to a single RFQ. Every order moves through escrow with QC gating. Every identity stays confidential until both sides agree. Below is exactly what we check, what we track, and where we're heading.
Verification pipeline
Five gates. No bypass.
01
GSTIN authentication
Every supplier's 15-character GSTIN is validated against the official Indian GST registry in real time. Legal name, trade name, registered address, and entity type are pulled from source and locked to the profile. Mismatches block onboarding.
02
Factory inspection
Geo-tagged factory photos and machinery nameplate proofs uploaded by the supplier are reviewed by Kypson's verification team. Each unit's address is independently cross-checked. Suppliers with unverified premises stay invisible to buyer RFQs.
03
Certificate authentication
ISO 9001, ISO 14001, ISO 22000, BRC, FSSC, FSSAI, FDA, GMP — each uploaded cert is checked against the issuing body's registry where possible, expiry-dated, and re-flagged 60 days before lapse. Expired certs auto-suspend matching for that capability.
04
Bank + PAN cross-verification
Bank account name must match the GSTIN legal name. PAN is verified independently. Payouts only land in verified accounts.
05
Ongoing rating + behavioural flags
Every completed order feeds quality, delivery, communication, and payment-completion ratings. Auto-flag rules catch outliers (large quote-to-actual deltas, repeated QC rejections, payment defaults) before they reach the next buyer.
Standards we recognise
Industry-specific capability tags.
Buyers raising RFQs can require specific certifications; Kypson's matching engine routes only to suppliers whose valid, non-expired certificates cover the request.
Quality
Environment
Food safety
Information security
Export / customs
Pharma
Sustainability
Confidentiality model
Kypson sits in the middle.
Buyers stay confidential by default
Supplier-facing RFQ listings strip buyer name, contact, and pricing budget. Only the technical brief, quantity, location, and deadline are visible until the buyer accepts a quote.
Supplier identities stay confidential by default
Buyer-facing supplier listings show only the trade name, capability set, certifications, and rating. Phone, email, address, and bank are revealed only after a quote is accepted and the buyer pays the platform escrow.
Kypson is the contractual counterparty
Invoicing flows through Kypson. The buyer's PO names Kypson; Kypson's PO names the supplier. Disputes route to Kypson's mediation team. Either side can leave without the other seeing their direct contact.
Data residency + RLS
All buyer / supplier data is hosted in India (Mumbai region). Row-level security on every table; admin access logged. No third-party data sharing.
Roadmap
What's coming next.
These are the certifications + integrations we're actively working toward. Public timelines so we hold ourselves to them.
Procurement counsel reviewing Kypson?
We'll send a complete vendor due-diligence pack — architecture diagram, RLS policies, audit logs, data flow, and security questionnaire — within one business day.