Security

Every customer's data is isolated at the database level. Application tables are protected by row-level security keyed to your authenticated user, and each paying customer's private knowledge graph lives in its own database schema; isolation is enforced by the database, not just by application code.

Data is encrypted in transit with TLS and at rest in our managed database and object storage. We do not store passwords; authentication is delegated to Google and Microsoft sign-in.

Primary application data is hosted in India. A limited set of contracted subprocessors process specific data (such as LLM inference and sign-in) to deliver the service; these are listed in our Privacy Policy.

Access to production data is restricted and logged. We monitor errors, uptime, and LLM usage through observability tooling, and writes to sensitive data flow through audited chokepoints.

If you believe you've found a security issue, please email grievance@peakpaver.com with details and steps to reproduce. Please give us a reasonable window to investigate and remediate before any public disclosure.