Security

    How Crevanta protects your data

    Our Commitment to Security

    Crevanta processes sensitive commercial real estate documents -- leases, operating statements, rent rolls, and financial data. We take the security of your data seriously and implement multiple layers of protection to ensure your documents and extracted data remain secure.

    Infrastructure Security

    • Hosting: Our platform is hosted on Vercel's global edge network with enterprise-grade infrastructure, DDoS protection, and automatic failover.
    • Encryption in transit: All data is transmitted over HTTPS with TLS 1.2+ encryption. We enforce HSTS with a 2-year max-age to prevent downgrade attacks.
    • CDN: Static assets are served from Vercel's global CDN, providing fast delivery and an additional layer of security.

    Authentication & Access Control

    • Authentication: We use Clerk for secure authentication, supporting email/password, SSO, and multi-factor authentication (MFA).
    • Session management: Sessions are managed securely with httpOnly cookies and automatic expiration.
    • Access control: Users can only access their own documents and extracted data. Administrative access is restricted and audited.

    Document Processing

    • In-memory processing: Uploaded documents are processed in-memory and are not stored permanently on our servers after extraction completes.
    • AI provider security: When we use AI models to process documents, data is sent over encrypted connections. We use enterprise-tier AI providers that do not use customer data for model training.
    • Data isolation: Each customer's data is logically isolated. Document content from one customer is never accessible to another.

    Application Security

    • Security headers: We implement X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy headers to protect against common web attacks.
    • Error monitoring: We use Sentry for real-time error tracking and alerting, allowing us to quickly identify and respond to potential security issues.
    • Dependency management: We regularly audit and update our dependencies to address known vulnerabilities.

    Responsible Disclosure

    If you discover a security vulnerability in Crevanta, we encourage responsible disclosure. Please report vulnerabilities to security@crevanta.ai. We will acknowledge receipt within 48 hours and work to address the issue promptly.

    Questions

    For security-related questions, contact us at security@crevanta.ai.