Security without compromise
Your relationship data is sensitive business intelligence. We protect it with enterprise-grade security, transparent data practices, and a zero-compromise privacy architecture.
Built on proven security standards
Our security commitments
Your data belongs to you
Full ownership. Export anytime. Delete permanently. We are custodians, not owners.
Never sold or shared
No data brokers. No advertisers. No third-party analytics on your relationship data.
No model training
Your data never trains AI models — ours or anyone else's. Ever.
Encrypted everywhere
Data encrypted at rest (AES-256) and in transit (TLS 1.3). Your relationships stay private.
How we handle your integrations
SavirOS connects to your calendar and email to build relationship intelligence. Here is how we secure these connections.
OAuth 2.0 Authentication
We use industry-standard OAuth to authenticate with Google, Microsoft, and other services. We never store your passwords.
Minimal Permissions
We request only the permissions necessary to read calendar events and basic profile information. Nothing more.
Token Encryption
OAuth tokens are encrypted at rest using AES-256. Access tokens are rotated automatically.
Revocable Anytime
Disconnect integrations instantly from Settings or directly from your provider. Tokens are destroyed immediately.
Relationship data processing
When we build your relationship memory, every step is designed with privacy in mind.
Infrastructure and encryption
Data Encryption
- In Transit: All connections use TLS 1.3 encryption. We enforce HTTPS across all endpoints with HSTS headers.
- At Rest: Data stored in our databases is encrypted using AES-256 encryption.
- Backups: All backup data is encrypted with separate encryption keys.
Infrastructure Security
- Hosting: Our services run on Google Cloud Platform (Firebase), which maintains SOC 2, ISO 27001, and other compliance certifications.
- Database: We use Firebase Firestore with automatic encryption, replication, and redundancy.
- CDN: Static assets are served through Vercel's global edge network with DDoS protection.
- Isolation: Each user's data is logically isolated and access-controlled.
Authentication and Access Control
- Password Security: Passwords are hashed using bcrypt with appropriate cost factors. We never store plaintext passwords.
- Session Management: Secure, HTTP-only cookies with appropriate expiration. Sessions can be revoked at any time.
- Magic Links: Passwordless authentication option with time-limited, single-use tokens.
- Rate Limiting: All authentication endpoints are rate-limited to prevent brute force attacks.
- SSO Support: Enterprise plans support SAML/SSO integration with your identity provider.
Data Portability and Deletion
- Export: Pro users can export their complete relationship data in JSON format at any time.
- Deletion: You can delete individual contacts, relationships, or your entire account. Deletion is permanent and irreversible.
- Account Closure: When you close your account, all your data is permanently deleted within 30 days.
- Integration Revocation: Disconnecting an integration removes all associated tokens immediately.
Compliance and Privacy
- GDPR: We support data portability, right to deletion, and transparent data practices for EU users.
- SOC 2 Type II: Our infrastructure providers maintain SOC 2 compliance. We are pursuing our own certification.
- Data Minimization: We collect only what is necessary and retain it only as long as needed.
- Privacy by Design: Privacy considerations are built into our architecture, not bolted on.
For more details, see our Privacy Policy.
Third-party services
We use a limited number of trusted third-party services. Here is what they can and cannot access.
Security questions or concerns?
If you discover a security vulnerability or have questions about our practices, please reach out. We take all reports seriously and respond within 24 hours.
Last updated: February 2026