Security

We handle sensitive data for individuals, teams, and regulated organizations. That responsibility informs every technical and operational decision we make.

Our security program is designed to be conservative, transparent, and verifiable. We assume scrutiny. We plan for failure modes. We prioritize clarity over claims.

If you ever identify a security concern or vulnerability, contact us directly at security@paveer.com.

Paveer operates on Google Cloud Platform infrastructure and leverages Google's enterprise security controls as the foundation of our environment.

We maintain SOC 2 Type II certification, perform continuous internal security testing, and engage independent third parties for annual penetration testing.

Our internal program includes secure code review, zero-trust access controls, device posture enforcement, incident response training, and disaster recovery exercises aligned with industry best practices.

Assessment reports are available upon request by contacting security@paveer.com.

Paveer is delivered as a secure web application accessible via modern browsers. We support hosted demonstrations, proofs of concept, and enterprise deployments.

Enterprise deployments can be configured to meet specific compliance, data handling, and operational requirements, including SSO, audit logging, and controlled ingestion pipelines.

Authentication via SAML (Microsoft Entra, Okta, Google Workspace) is supported for enterprise customers.

Customer data is transmitted securely to Paveer infrastructure hosted on Google Cloud Platform. All data in transit is encrypted using industry-standard TLS, and data at rest is encrypted using managed cloud encryption services.

Depending on deployment, data may be processed internally or routed to approved inference providers. Video content is not used for analytics logging.

Processing workflows are designed to minimize data exposure while maintaining operational reliability.

Chronos is a collaborative agent that performs multi-step reasoning with a human-in-the-loop.

Tool actions are visible, approvals are explicit, and no side-effecting changes occur without user confirmation.

Customers retain ownership of their data and control how it is provided, retained, and accessed within their environment.

We work with customers to align on access controls, retention policies, audit requirements, and contractual safeguards appropriate to their risk profile.

By default, Paveer maintains a seven-day retention period for video data and associated artifacts to support quality assurance and error recovery.

Retention periods can be shortened, extended, or disabled entirely through contractual agreement.

Customers with heightened security requirements may opt out of model training using their data.

We provide full data control to our users and enterprise customers. You have the right to permanently remove your footprint from our system at any time:

• Account Deletion: Individual users can request or trigger account deletion. This permanently removes your authentication credentials, personal identifiers, and individual profile metadata from our active directories.
• Organisation Deletion: Authorised administrators can initiate full organization deletion. This removes all associated team member profiles, dashboard configurations, billing histories, and associated workspaces.
• Data Cleansing: Upon confirmation of an account or organization deletion, all associated assets—including transcriptions, embeddings, and database records—enter our secure deletion cycle to be overwritten permanently.

If you believe you have identified a security vulnerability, report it to security@paveer.com.

We acknowledge legitimate reports promptly and address confirmed issues as quickly as practicable.