Security First

Security & Compliance

Robust controls for sensitive documents and operational data.

Infrastructure

Veda is hosted on Vercel and Supabase. All traffic is enforced over HTTPS/TLS 1.2+. Data at rest is encrypted using AES-256 and KMS-managed keys. Automatic backups and point-in-time recovery protect project files and citation maps.

Access Control

Supabase Row Level Security ensures every project is scoped to its owner. The alignment engine runs in isolated serverless functions; user uploads are never shared across tenants. Administrative access is restricted via SSO, hardware keys, and audited on a quarterly basis.

Document Processing

  • Embeddings and alignment happen within our infrastructure unless you opt-in to a third-party LLM provider.
  • Uploads are scanned for malware and stored in private buckets with signed URLs.
  • Temporary files are purged after processing; only normalized spans and metadata remain.

AI & Chat Safeguards

The Document Chat feature limits responses to the context contained in your documents. Citations are required for every answer, and the system prevents models from hallucinating unsupported content.

Business Continuity

  • Daily backups with multi-region redundancy.
  • Incident response plan with 24-hour internal SLA.
  • Status updates communicated through the dashboard banner if outages occur.

Compliance Roadmap

We are working toward SOC 2 Type II readiness. HIPAA BAAs are available for enterprise customers and require a separate agreement. Contact us for documentation or security questionnaires.

Need a custom security review? Email security@veda.ai.