Security & privacy, by design

Aveya is built for organisations that need private, governed intelligence with tenant isolation, strong access control, and flexible deployment boundaries.

What this page covers

A plain-language orientation for security reviewers: how data is handled, what controls exist, which deployment options are available, and what to expect during review.

Security principles

A small set of operating assumptions, written for practical security review.

  • Data ownership: Your organisation owns its data. Aveya uses it to power retrieval and answers, and does not reuse it for unrelated purposes.
  • Tenant isolation: Organisational boundaries are enforced across storage, search, and application access to reduce cross-tenant exposure risk.
  • No model training on your data: Customer content is not used to train foundation models. Prompts and responses are processed to serve your request.

How Aveya handles your data

A reviewer-focused flow: what is stored, what stays transient, and what you control.

  • Ingest: Files are ingested from your sources (for example SharePoint, storage, or exports) and processed into searchable chunks.
  • Store: Documents and derived indexes remain inside the deployment boundary (Managed Deployment or your Azure tenant).
  • Retrieve: Only relevant snippets are retrieved for a user’s question, with citations where applicable.
  • Generate: The model uses the retrieved context to produce a grounded answer.
  • Retain / delete: Retention and deletion follow your deployment configuration and policy.

If you need deeper detail on architecture, controls, or data flow, we can provide it under NDA.

At a glance
What’s stored vs transient

What’s stored. Source documents, derived search indexes (chunks and embeddings), and access configuration remain inside your deployment boundary.

What’s transient. Prompts, retrieval context, and model responses are processed per request and are not reused for unrelated purposes.

Platform controls

Core control domains security teams evaluate: encryption, identity, boundaries, and auditability.

  • Encryption (Data protection): Data is protected in transit using modern TLS and encrypted at rest using industry-standard algorithms. Key management is handled via Azure services, with additional control available for Private Deployment.
  • Authentication & access (Identity): Aveya supports SSO-compatible identity and role-based access. Organisations can assign admin and user roles, and scope access at the experience level for embedded or portal-based deployments.
  • Tenant separation (Boundaries): Organisational boundaries are enforced across storage and search access patterns to reduce cross-tenant risk. The platform is designed so access rules follow the data, not the user’s intent.
  • Embedded access (Embedding): When Aveya is embedded into another product or portal, access is constrained using short-lived signed tokens scoped to a specific experience. These tokens cannot escalate to broader platform access, and expiry and session behaviour are configurable per deployment.
  • Audit logging (Logging): Audit detail depends on deployment and customer preference. For enterprise reviews, we can provide a clear view of what’s captured, where it’s stored, and what’s intentionally not recorded.

Deployment options

Choose the model that matches your governance, networking, and compliance requirements.

Managed Deployment

Aveya hosts and operates the platform with strong tenant isolation and regional hosting controls. This is the fastest path to value when infrastructure ownership is not required.

Private Deployment in your Azure tenant

Deploy inside your own Azure subscription for full control over networking, policies, and security tooling. Preferred in regulated or high-control environments.

Compliance approach

Aveya is built on Azure services with established security and compliance programs. We focus on clear controls, reviewability, and deployment flexibility.

  • Azure provides a strong baseline of certified infrastructure controls
  • We support enterprise security questionnaires and reviews
  • Additional documentation is available under NDA where appropriate

Practical next step

Request a security pack

If you’re running a vendor security review, we’ll provide a focused pack: architecture overview, data flow, control mapping, and deployment-specific details.

Security questions?

Tell us your deployment preference and review requirements, and we’ll respond with the right level of detail.