Tenant isolation
Every row in every Aivera table carries a customer_id UUID. Documents, audit log entries, workflow runs, attorney decisions, embeddings — all of it. Reads and writes filter on the customer ID extracted from the request's signed JWT. There is no shared table where one customer's data lives next to another's without that filter.
Two customers cannot see each other's documents, audit feeds, or chat histories. Cross-tenant access requires forging a JWT signed with our secret, which means an attacker would need to compromise our application server.
Authentication
Every protected endpoint requires a Bearer JWT. We validate the standard claims (exp, iat, sub) plus a fixed audience and issuer. Tokens without all five claims are rejected at the door, before any handler runs.
For pilot deployments we sign with HS256 against a per-deployment secret with a 32-character minimum (boot fails otherwise). Production deployments will route to your IdP — Auth0, Cognito, WorkOS, or Okta — using the same audience/issuer model.
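The pilot-mode checks described above, written out as an added example; this is not Aivera's code. It uses only the Python standard library, and the function names, the exact exp/iat comparisons and the sample audience and issuer values are assumptions.

```python
import base64, hashlib, hmac, json, time

REQUIRED = ("exp", "iat", "sub", "aud", "iss")  # the five claims the page lists
MIN_SECRET_LEN = 32

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def check_secret(secret):
    """Boot-time gate: refuse to start with a short signing secret."""
    if len(secret) < MIN_SECRET_LEN:
        raise RuntimeError("JWT secret shorter than 32 characters")
    return secret.encode()

def sign(claims, key, alg="HS256"):
    """Mint a token for the constructed test cases (hypothetical helper)."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def validate(token, key, aud, iss, now=None):
    """Return the claims dict, or raise ValueError before any handler would run."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(_b64d(head)), json.loads(_b64d(body)), _b64d(sig)
    except Exception:
        raise ValueError("malformed token") from None
    # Pin the algorithm: never let the token header choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):  # constant-time comparison
        raise ValueError("bad signature")
    missing = [c for c in REQUIRED if not isinstance(claims, dict) or c not in claims]
    if missing:
        raise ValueError("missing claims: " + ",".join(missing))
    if not all(isinstance(claims[c], (int, float)) for c in ("exp", "iat")):
        raise ValueError("exp/iat must be numeric")
    if claims["aud"] != aud or claims["iss"] != iss:
        raise ValueError("wrong audience or issuer")
    if claims["exp"] <= now or claims["iat"] > now:
        raise ValueError("expired or issued in the future")
    return claims
```

Passing `now` explicitly makes the expiry checks reproducible in tests; in a running service it defaults to the current time.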
PII redaction at write
Audit rows persist the prompt and response of every agent call. Before they hit disk, they pass through a redactor that masks four PII categories: SSN, date of birth, email, and US phone number. The redactor runs in two places:
- Audit writes — every input_text and output_text field is redacted before INSERT.
- Application logs — a logging filter is installed on the root logger, so every log line emitted by every handler is redacted before it leaves the process.
A subpoena that reaches our log files or our audit table will not surface SSNs, DOBs, emails, or phone numbers. The original document text in your firm's storage is not touched — only the agent prompts and responses.
Caveat: redaction is pattern-based, not perfect. Free-text PII not matching these four patterns (street addresses, license numbers, account numbers) is not currently redacted. Add patterns by request.
Audit log immutability
The audit log is append-only at the API boundary. There is no UPDATE or DELETE endpoint for audit rows. Every prompt, every tool call, every source citation, every gate decision, and every workflow start is written and stays written.
Each row carries: who acted (user_id), what agent ran (agent), what action (action), what tools fired (tools_used), what sources were cited (sources), latency, and a UTC timestamp.
Database admins with direct connection access can technically modify rows. We expect customers running self-hosted to use Postgres triggers or a write-once table partition to enforce immutability at the storage layer. We can advise on the migration.
Data retention
Aivera does not auto-purge audit rows or workflow data. Retention is your call: indefinite by default, configurable per customer at deployment time. Most regulated firms set 7 years to match standard records-management policy.
When you ask us to delete a tenant, we run a single transaction that deletes all rows where customer_id matches. Backups are retained for 30 days afterward, then expire.
Tool scoping
Each agent (compliance, contract review, legal research, Q&A) is registered with a fixed set of tools — RAG retrieval, document parser, citation checker, case search. An agent cannot call a tool outside its set. The Q&A agent can search and cite, but cannot draft a redline. The contract agent can redline, but cannot trigger a workflow.
This is enforced at the framework level (PydanticAI's @agent.tool registration), not via prompting. Prompt injection cannot grant an agent access to a tool it wasn't given.
Compliance roadmap
Honest status:
| Control | Status |
|---|---|
| Tenant isolation | Shipped |
| JWT auth with required claims | Shipped |
| PII redaction (audit + logs) | Shipped |
| Append-only audit at API | Shipped |
| Tool-scoped agents | Shipped |
| Encryption in transit (TLS) | Shipped via deployment |
| SSO / IdP integration | Per-pilot, on request |
| SOC 2 Type 1 | Planned, not started |
| SOC 2 Type 2 | After Type 1 |
| External penetration test | Pre-GA |
| HIPAA BAA | On request, per deployment |
If a row above is a blocker for your firm, tell us. We're picking the next 2-3 things to ship based on pilot feedback.
Reporting a vulnerability
Found something? Email security@aivera.us. We acknowledge within 1 business day, triage within 3, and fix critical issues before disclosure.
No bounty program yet. We will not pursue legal action against good-faith research that respects tenant boundaries and avoids accessing customer data.
Have a security question?
Send your security review questionnaire to security@aivera.us. We answer in plain language with citations to source code, not boilerplate.