Security & privacy, by design

Aveya is built for organisations that need private, governed intelligence, with tenant isolation, strong access control, and deployment flexibility.

Book a demo Privacy policy

What this page covers

A plain-language view of how Aveya handles your data, the controls we provide, and the deployment options available for different security requirements.

Jump to

Security principles→Data handling→Platform controls→Deployment options→Compliance approach→

Security principles

Aveya is designed around a small set of non-negotiables, with clarity over slogans.

Principle

Data ownership

Your organisation owns its data. Aveya exists to make it searchable and usable, not to reuse it for unrelated purposes.

Principle

Tenant isolation

Data is isolated by organisation across storage, search, and application access boundaries to reduce the risk of cross-tenant exposure.

Principle

No model training on your data

Customer content is not used to train foundation models. Prompts and responses are processed to serve your request.

How Aveya handles your data

This is the flow security reviewers care about: what’s stored, what’s transient, and what you can control.

Ingest: Files connect from your sources (e.g. SharePoint, storage, exports) and are processed into searchable chunks.
Store: Source content and derived indexes remain inside the deployment boundary (SaaS tenant or your Azure tenant).
Retrieve: The platform retrieves only relevant snippets for a user’s question (with citations where applicable).
Generate: A model is called with the retrieved context to produce an answer. The goal is grounded, verifiable output.
Retain / delete: Retention and deletion are configurable by deployment model and customer policy.

If you need a deeper security pack (architecture, controls, data flow), we can provide it under NDA.

At a glance

What’s stored vs transient

What’s stored. Source documents, derived search indexes (including chunks and embeddings), and access configuration remain within your deployment boundary, either your Azure tenant or a dedicated Aveya tenant.

What’s transient. Prompts, retrieval context, and model responses are processed per request to generate answers and are not reused for unrelated purposes.

Platform controls

The core areas security teams ask about: encryption, identity, boundaries, and auditability.

Data protection

Encryption

Data is protected in transit using modern TLS and encrypted at rest using industry-standard algorithms. Key management is handled via Azure services, with additional control available for self-hosted deployments.

Identity

Authentication & access

Aveya supports SSO-compatible identity and role-based access. Organisations can assign admin and user roles, and scope access at the assistant level for embedded or portal-based use cases.

Boundaries

Tenant separation

Organisational boundaries are enforced across storage and search access patterns to reduce cross-tenant risk. The platform is designed so access rules follow the data, not the user’s intent.

Embedding

Embedded assistants

When Aveya is embedded into another product or portal, access is constrained using short-lived signed tokens scoped to a specific assistant. These tokens cannot be escalated to broader platform access, and expiry and session behaviour are configurable per deployment.

Logging

Audit logging

Audit detail depends on deployment and customer preference. For enterprise reviews, we can provide a clear view of what’s captured, where it’s stored, and what’s intentionally not recorded.

Deployment options

Choose the model that matches your governance and compliance requirements.

Deployment

Fully managed (SaaS)

Aveya hosts and operates the platform with strong tenant isolation and regional hosting controls. This is the fastest path to value when infrastructure ownership is not required.

Deployment

Self-hosted in your Azure

Deploy inside your own Azure subscription for full control over networking, policies, and security tooling. Preferred in regulated or high-control environments.

Compliance approach

Aveya is built on Azure services with established security and compliance programs. We focus on clear controls, reviewability, and deployment flexibility.

Azure provides a strong baseline of certified infrastructure controls
We support enterprise security questionnaires and reviews
Additional documentation available under NDA where appropriate

Practical next step

Request a security pack

If you’re running a vendor security review, we’ll provide a focused pack: architecture overview, data flow, control mapping, and deployment-specific details.

Request security pack Privacy policy

Security questions?

Tell us your requirements and deployment preference, and we’ll respond with the right level of detail for your review.

Contact Book a demo