Technical Reference

Security Posture

Factual practices covering how Brainverse handles data, authentication, and tenant isolation. No marketing language — just what we actually do.

Questions? [email protected]

No PII Storage

Brainverse does not store personally identifiable information about your employees, customers, or end users. Agent workflows are designed to operate on business data — documents, configurations, and operational records — not personal profiles.

Client Data Is Never Used for AI Training

Data you share with Brainverse — documents, workflows, business records — is never used to train AI models. We use enterprise agreements with AI providers (Anthropic, Google, OpenAI) that contractually prohibit training on customer inputs.

Encryption in Transit and at Rest

All data in transit is protected by TLS/HTTPS. Data stored at rest in Brainverse systems is encrypted. This applies to agent memory, configuration data, and any operational records retained during service delivery.

Auth via Supabase with Row-Level Security

Authentication is handled through Supabase with Row-Level Security (RLS) enforced at the database layer. Every query is scoped to the authenticated tenant — one client cannot access another client's data regardless of application-layer behavior.
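What tenant-scoped RLS of this kind can look like in Supabase Postgres, as an added example and not Brainverse's own schema: the `documents` table, the `tenant_id` column and the `app_metadata.tenant_id` JWT claim are assumptions. The last query is a check for tables that were left without RLS.

```sql
-- Hypothetical tenant-owned table (all names are assumptions for illustration).
create table public.documents (
  id        uuid primary key default gen_random_uuid(),
  tenant_id uuid not null,
  body      text not null
);

-- Until RLS is enabled, policies are not evaluated and any role holding
-- table privileges can read every tenant's rows.
alter table public.documents enable row level security;
-- Make the policies apply to the table owner as well.
alter table public.documents force row level security;

-- The tenant id is read from a claim in the verified JWT. The claim is assumed
-- to live under app_metadata, which is set server-side; user_metadata can be
-- edited by the user and must not be used for authorization.
-- USING filters rows that are read, updated or deleted.
-- WITH CHECK rejects inserts and updates that would write a row for another tenant.
create policy tenant_isolation on public.documents
  for all
  to authenticated
  using      (tenant_id = (auth.jwt() -> 'app_metadata' ->> 'tenant_id')::uuid)
  with check (tenant_id = (auth.jwt() -> 'app_metadata' ->> 'tenant_id')::uuid);

-- Audit: ordinary tables in the public schema that still have RLS disabled.
-- An empty result means no table is exposed without a policy gate.
select n.nspname             as schema_name,
       c.relname             as table_name,
       c.relrowsecurity      as rls_enabled,
       c.relforcerowsecurity as rls_forced
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind = 'r'
  and not c.relrowsecurity;
```

Requests made with the Supabase service-role key bypass RLS, so a policy like this isolates tenants only for queries that run as the `authenticated` role.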

Isolated Environments per Client

Each client's agent team operates in an isolated environment. Agent memory, configurations, and operational data are segmented at deployment. There is no shared runtime state between client deployments.

No Third-Party Data Sharing

Client data is not sold, rented, or shared with third parties for their own purposes. Data sent to AI model providers is used solely to process your specific requests under enterprise agreements. We do not share client data with other Brainverse clients or with any marketing or analytics partners.

Role-Based Access Controls

Access to Brainverse systems follows the principle of least privilege. Roles are scoped to the minimum permissions required for each function. Administrative access requires explicit provisioning and is not granted by default.

Data Handling During Service Delivery

When Brainverse delivers services, agents may process documents and operational data you provide. This data is used solely to perform the tasks you have engaged us for. It is not retained beyond what is operationally necessary, not analyzed for unrelated purposes, and not shared with other clients.

Specific data access requirements are defined during the discovery phase before any deployment begins. You will know what data the agents can access, and why, before we proceed.

For engagements involving personal data of third parties (employees, customers), a Data Processing Addendum is available on request. Contact [email protected] to request it.

Infrastructure

Database: Supabase (Postgres) with Row-Level Security enforced at the database layer
Auth: Supabase Auth — cookie-based sessions, server-side validation on every protected request
Hosting: Vercel (Next.js application layer)
AI Model Providers: Anthropic, Google, OpenAI — enterprise agreements, no training on client inputs
Data in Transit: TLS 1.2+ enforced on all endpoints

Have specific security requirements?

We discuss security requirements during discovery — before any commitment.