Security at Nevind AI
Security is not a feature — it's the foundation. Every system is designed with security-first principles to protect your business and your customers.
Technical Safeguards
Encryption at Rest
All data is encrypted at rest using AES-256. Call recordings, transcripts, and customer records receive the same treatment.
Encryption in Transit
All connections use TLS 1.3. OAuth tokens and calendar credentials are additionally encrypted with AES-256-GCM before storage.
Per-Business Data Isolation
Every business has isolated data with row-level security enforced at the database layer. No cross-contamination between accounts is architecturally possible.
Server-Side Secrets
API keys, OAuth tokens, and webhook secrets are stored server-side only and never exposed to the browser. All external calls originate from secure server routes.
PII-Scrubbed Error Monitoring
Error monitoring is configured to explicitly scrub email addresses, phone numbers, names, and request bodies before any event is transmitted.
Breach Notification
In the event of a breach posing real risk of harm, we notify affected users and the Office of the Privacy Commissioner of Canada within 72 hours under PIPEDA.
Compliance Status
Our current certification and compliance posture as of 2026.
Security Concerns?
To report a vulnerability, email privacy@nevind.com. We follow responsible disclosure and aim to acknowledge reports within 48 hours.
For general privacy questions, see our Privacy Policy or email privacy@nevind.com.