Enterprise security by design

Your business data deserves enterprise-grade protection. Aveya is built on Azure with strict isolation, no model training, and deployment flexibility.

Security principles

Every aspect of Aveya is designed with security and privacy as foundational requirements.

Data ownership

Your data belongs to you. We never access, analyze, or use your content for any purpose beyond providing the service.

Strict isolation

Organization-level partitioning across all systems ensures no cross-tenant data access or contamination.

Zero training

Your content is never used to train AI models. All prompts and responses are processed and immediately discarded.

Data protection

Multiple layers of protection ensure your sensitive information stays secure.

Data residency

All data remains in your chosen region and never crosses geographic boundaries without explicit consent.

  • SaaS deployments hosted in New Zealand North (Azure)
  • Self-hosted options available in any Azure region
  • No cross-border data transfer
  • Regional compliance adherence

Encryption standards

Industry-standard encryption protects your data both in transit and at rest.

  • TLS 1.2+ for all data in transit
  • AES-256 encryption for data at rest
  • Encrypted backups and snapshots
  • Key management through Azure Key Vault

Access boundaries

Partition-level isolation ensures strict data separation across organizations.

  • Organization ID-based partitioning
  • Database-level query filtering
  • Search index isolation
  • No shared resources between tenants

Data lifecycle

Clear policies govern how long data is retained and when it's deleted.

  • Configurable data retention periods
  • Secure deletion procedures
  • Audit trails for data operations
  • Right to data portability

Authentication & access control

Enterprise-grade identity management with fine-grained permissions.

Identity management

  • Microsoft Entra ID (Azure AD B2C) integration
  • Single Sign-On (SSO) support
  • Multi-factor authentication (MFA) enforcement
  • Conditional access policies
  • Session management and timeout controls

Role-based access

  • Organization admin and user roles
  • Assistant-level permissions
  • Document access controls
  • API access scoping

Session security

Secure session handling for both full platform access and embedded assistants.

Full Authentication

  • MSAL.js token management
  • Automatic token refresh
  • Secure token storage
  • Session expiry controls

Embedded Sessions

  • Short-lived signed JWTs
  • Assistant-scoped access
  • No platform elevation
  • Configurable TTL

Infrastructure security

Built on Microsoft Azure with enterprise security controls and continuous monitoring.

Azure-native

Fully built on Microsoft Azure infrastructure with inherited security controls and compliance certifications.

Managed identity

No stored credentials or connection strings. All service access uses Azure managed identities with RBAC permissions.

Network security

Private endpoints and VNET integration available for self-hosted deployments with additional network isolation.

Continuous security monitoring

24/7 automated monitoring and threat detection across all infrastructure components.

  • Real-time security monitoring
  • Automated threat detection
  • Security incident logging
  • Regular security assessments

Proactive security measures

Regular testing and maintenance to stay ahead of emerging threats.

  • Vulnerability scanning
  • Penetration testing program
  • Security patch management
  • Incident response procedures

Deployment options

Choose the deployment model that best fits your security and compliance requirements.

Fully managed (SaaS)

Aveya hosts and manages the platform while you retain full data control.

  • Hosted in Aveya's Azure subscription
  • Professional security management
  • Automatic updates and patches
  • 24/7 monitoring and support
  • Strict tenant isolation
  • Data residency controls

Self-hosted

Deploy Aveya in your own Azure environment for maximum control.

  • Runs in your Azure subscription
  • Behind your corporate firewall
  • Complete infrastructure control
  • Custom network configurations
  • Air-gapped deployment options
  • Bring your own OpenAI keys

Compliance & certifications

Built to meet enterprise compliance requirements with industry-standard practices.

Current compliance

  • GDPR compliance for EU data protection
  • Azure's SOC 1, SOC 2, and SOC 3 compliance
  • ISO 27001 through Azure infrastructure
  • Privacy by design principles

Security practices

  • Regular security audits
  • Penetration testing program
  • Secure development lifecycle
  • Third-party security assessments

Enterprise readiness

Additional compliance and security features available for enterprise customers.

  • Custom data retention policies
  • Enhanced audit logging
  • Dedicated customer success
  • Security questionnaire support
  • Custom compliance requirements
  • Legal and procurement support

Security questions?

Our team is happy to discuss your specific security requirements and provide additional documentation for your security review process.
