Trust Center

Pryvet’s goal is to shape a future in which AI technology respects privacy and guarantees the protection of personal and sensitive data. That’s why we are committed to providing a secure, reliable, and transparent platform that builds trust through robust security measures.
  • trust@pryvet.ai
  • Data privacy

Controls

Infrastructure security

  • Enforced strict authentication of the production database The company requires that authorized, secure authentication mechanisms, such as a unique SSH key, be used for authentication when accessing production data stores.
  • Access to encryption keys is restricted. The company restricts privileged access to encryption keys to authorized users with a legitimate business need.
  • Enforced unique account authentication The company requires the use of a unique username and password or authorized Secure Shell (SSH) keys for authentication to systems and applications.
  • Access to production applications is restricted. System access is strictly limited to authorized users only.
  • Established access control procedures The company’s access control policy documents the requirements for the following access control functions: adding new users, modifying users, and/or revoking access for existing users.

Organizational security

  • Asset disposal procedures utilized The company ensures that electronic media containing confidential information are erased or destroyed according to best practices.
  • Confidentiality Agreement acknowledged by employees The company requires its employees to sign a confidentiality agreement during onboarding.
  • Conducted performance evaluations Company managers are required to conduct performance evaluations for their direct reports at least once a year.
  • Password policy enforced The company requires passwords for in-scope system components to be configured according to the company's policy.
  • MDM system utilized The company has a mobile device management (MDM) system in place to centrally manage mobile devices supporting the service.

Product security

  • Control self-assessments conducted The company conducts self-assessments of its controls at least annually to ensure that the controls are in place and effective. Based on relevant findings, corrective actions are taken. If the company has committed to a Service Level Agreement (SLA) for a particular result, corrective actions are performed within the timeframe specified by that SLA.
  • Penetration testing performed The company conducts penetration tests at least once a year. A remediation plan is developed, and changes are implemented to address vulnerabilities in accordance with the SLAs.
  • Data transmission encrypted The company uses secure data transmission protocols to encrypt confidential and sensitive data during transfer over public networks.

Data and privacy

  • Established data retention procedures The company has formal retention and disposal procedures in place to ensure the secure storage and disposal of company and customer data.
  • Customer data is deleted upon termination. The company deletes or removes customer data containing confidential information from the application environment according to best practices when customers discontinue the service, in compliance with legal guidelines.

Subprocessors

Infrastructure

  • T-Systems Trusted cloud provider
  • Microsoft Azure Cloud computing service
  • Amazon Web Services Cloud provider
  • MongoDB Atlas Data storage and management
  • Auth0 User management & authentication

AI model provider (LLM)

  • OpenAI Large Language Model provider
  • Google Large Language Model provider