How is my data protected?
QuivaWorks is built with security as a core requirement, not an afterthought. Your data is protected at every layer of the platform.
Encryption
- In transit — all data is encrypted using TLS 1.2 or higher
- At rest — all stored data is encrypted using AES-256
- Credentials — integration credentials (OAuth tokens, API keys) are stored in an encrypted secrets vault, never in plain text
Data isolation
Each workspace is fully isolated from other workspaces. Assistants in your workspace cannot access data from another organisation's workspace.
What data do assistants access?
Assistants only access the data you explicitly authorise through integrations. When you connect an integration (for example, Google Drive), you choose which files or folders the assistant can see. Assistants cannot access anything outside the scope you grant.
Data residency
By default, data is processed in our primary region. Enterprise customers can request dedicated regional infrastructure to meet specific data residency requirements.
Compliance
QuivaWorks maintains compliance with:
- GDPR — for customers in the EU and UK
- SOC 2 Type II — available on request for enterprise customers
Security reporting
If you discover a security vulnerability, please report it to security@quiva.ai. See our security disclosure policy for full details.