Get Started
FAQ → Security

Security

Frequently asked questions about security

How is my data protected?

QuivaWorks is built with security as a core requirement, not an afterthought. Your data is protected at every layer of the platform.

Encryption

  • In transit — all data is encrypted using TLS 1.2 or higher
  • At rest — all stored data is encrypted using AES-256
  • Credentials — integration credentials (OAuth tokens, API keys) are stored in an encrypted secrets vault, never in plain text

Data isolation

Each workspace is fully isolated from other workspaces. Assistants in your workspace cannot access data from another organisation's workspace.

What data do assistants access?

Assistants only access the data you explicitly authorise through integrations. When you connect an integration (for example, Google Drive), you choose which files or folders the assistant can see. Assistants cannot access anything outside the scope you grant.

Data residency

By default, data is processed in our primary region. Enterprise customers can request dedicated regional infrastructure to meet specific data residency requirements.

Compliance

QuivaWorks maintains compliance with:

  • GDPR — for customers in the EU and UK
  • SOC 2 Type II — available on request for enterprise customers

Security reporting

If you discover a security vulnerability, please report it to security@quiva.ai. See our security disclosure policy for full details.

What permissions do assistants have?

Assistants on QuivaWorks operate under a principle of least privilege — they only have access to what you explicitly grant, and nothing more.

How permissions work

When you install or configure an assistant, you choose which integrations it can use and what scope of access to grant. For example, if an assistant needs to read your Google Drive, you'll be prompted to authorise it through a standard OAuth flow where you can choose which folders it can access.

Assistants cannot access integrations you haven't connected, and they cannot escalate their own permissions.

Types of permissions

Read-only — The assistant can read data but cannot make changes. Use this for assistants that summarise, analyse, or report.

Read and write — The assistant can read and modify data (for example, updating a spreadsheet or creating a ticket). Always review what write access an assistant needs before granting it.

Actions — Some assistants can trigger actions like sending a message, creating a calendar event, or calling a webhook. These are listed explicitly in the assistant's permission requirements.

Reviewing and revoking access

You can review what every active assistant has access to from Workspace Settings → Assistants → Permissions. You can revoke any permission at any time — the assistant will immediately lose access to that integration.

Assistant activity logs

All assistant actions are logged. You can view the full activity log for any assistant in your workspace dashboard. Logs are retained for 90 days on Pro and Team plans, and longer on Enterprise.

Questions about a specific assistant's permissions?

Each listing in the Marketplace lists its required permissions before you install it. If you have questions, contact support.

Back to All FAQs

Need more help? Contact us