Security & Trust

Your strategy is sensitive.
We treat it that way.

Gevara is built on enterprise-grade infrastructure with encryption, strict access controls, and a simple promise: your data is never used to train AI models.

Encryption everywhere

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256) across our database and storage. There is no unencrypted path to your data.

Your data never trains AI models

Reports run on enterprise AI APIs (Anthropic, OpenAI, Google). Content sent for inference is not used to train their models. Your strategy stays yours.

Identity & access

Authentication is handled by Clerk with optional SSO/SAML and multi-factor auth. Role-based access (Owner, Admin, Member) governs every action.

Tenant isolation

Every record is scoped to your organization. Workspaces are logically isolated so one customer can never read another's data.

Auditability

Key actions — membership changes, billing, exports — are recorded in an audit trail so you always know who did what, and when.

Hardened infrastructure

Hosted on SOC 2-compliant infrastructure (Vercel, Neon) with automated backups, isolated environments, and least-privilege service access.

Compliance

We are transparent about where we are. Here is the honest current state — no inflated badges.

SOC 2 Type II: In progress

Built on SOC 2-compliant infrastructure; our own audit is underway.

GDPR: Aligned

Data-processing practices follow GDPR principles; a DPA is available for enterprise customers.

PCI DSS: Via Stripe

We never store card data — all payments are handled by Stripe (PCI DSS Level 1).

Data Processing Addendum: Available

Signed DPA available on request for Business and Enterprise plans.

Transparency

Subprocessors

The third parties that help us run Gevara. Every one is bound by data-protection obligations.

Provider     | Purpose
-------------|--------------------------------------
Vercel       | Application hosting & edge network
Neon         | PostgreSQL database (encrypted)
Clerk        | Authentication, SSO/SAML, MFA
Stripe       | Payments (PCI DSS Level 1)
Anthropic    | AI inference (Claude)
OpenAI       | AI inference (fallback)
Google       | AI inference (fallback)
Resend       | Transactional email
UploadThing  | File storage
PostHog      | Product analytics

Responsible disclosure

Found a vulnerability? We want to hear from you. Email our security team and we will respond promptly — we credit responsible researchers.