Envirt.ai
Security at Envirt.ai
Your financial and marketing data deserves serious protection. Here is exactly how we protect it.
Infrastructure security
Envirt.ai is built on enterprise-grade infrastructure from providers who maintain rigorous security certifications:
| Provider | Role | Certification |
|---|---|---|
| Supabase | Database & Auth | SOC 2 Type 2 |
| Vercel | Hosting & Deployment | SOC 2 Type 2 |
| Cloudflare | CDN & Edge Security | SOC 2 Type 2 |
| Stripe | Payment Processing | PCI DSS Level 1 |
| Anthropic | AI Inference (Claude) | SOC 2 Type 2 |
Envirt.ai itself is not independently SOC 2 certified. We rely on these certified vendors for infrastructure security, combined with our own application-level controls described below.
Data protection
Encryption
In transit: All data is encrypted using TLS 1.2+ (HTTPS everywhere).
At rest: Data is encrypted at rest via AES-256 through our database provider (Supabase / underlying AWS infrastructure).
Data isolation
Every customer workspace is isolated using PostgreSQL Row Level Security (RLS). Your data is scoped to your organization (org_id) and cannot be accessed by other customers, even at the database level.
Access controls
- Authentication is handled by Supabase Auth with secure session management.
- API routes are protected with authentication middleware.
- Server-side authorization checks are applied to data requests.
Data retention
- Your data is retained while your account is active.
- After account closure, data is deleted within 30 days.
- You can request a full data export at any time.
How AI works with your data
When Envirt.ai generates your Health Score, Risk Radar, or weekly brief, portions of your business data are sent to the Anthropic Claude API as part of a request-response flow. Here is what that means:
What is sent
Aggregated business metrics (revenue, expenses, growth rates, channel performance) needed to generate the specific insight you requested. We send the minimum data necessary for each query.
What is NOT sent
Raw bank credentials, payment card numbers, or personally identifiable customer data. Stripe handles all payment data directly.
AI provider commitments
Under Anthropic's commercial API terms, your data is not used to train their models. Prompts and outputs are processed to fulfill each request only. We do not sell, share, or use your data for advertising.
Copilot, not autopilot
Envirt.ai is designed as an intelligence layer, not an automation engine. AI-generated insights are informational and always require your review before action. We believe founders should make the decisions — our job is to make sure those decisions are informed by the best available data.
All AI outputs include confidence scores so you can gauge how much weight to give each recommendation.
Reporting security issues
If you discover a security vulnerability, please contact us at support@envirt.ai. We take all reports seriously and will respond within 48 hours.
Last updated: April 7, 2026. Questions? Contact support@envirt.ai