Isolated, and encrypted with your own revocable key.
This page is written for the person who reads it like a contract. Here is what Gravii commits to, stated precisely, including the honest caveats and where we are today.
Gravii is early. The commitments below describe how Gravii is built and what each pilot firm is set up with. If you need to know exactly what is live today, ask and we will show you.
Your data is isolated in a per-tenant database and encrypted with a key held in your own KMS. Disable the key and Gravii loses access. The control is unilateral and yours.
Your data is stored in the EU. Where the database physically lives is a property you can ask us to pin.
You connect your own model provider key. Gravii runs answers through your key under your provider's zero-retention terms.
With no key configured, Gravii does not run on your real data. There is no shared Gravii key quietly standing in.
We do not train on your data. Captured material is what you confirmed, nothing more.
NDA and a Data Processing Agreement on request. Deletion and export are guaranteed in writing.
What we are upfront about
Your own revocable key controls who can decrypt your data, not where it physically sits. If your policy requires data to live in a database you own, that is a residency option we offer, not the default. We will not blur the two.
To answer a question, your text is processed in our application tier for the moment it takes to respond. We do not claim your data never touches us. Closing that last gap with confidential computing is on the roadmap, not a claim we make today.
Gravii is an early-stage product run with care. We would rather state the limits plainly than imply certifications we do not yet hold.
Have a question your compliance team needs answered?
Ask it directly. We would rather have the hard conversation early.