Trust & Security
Gravii is built for teams that handle sensitive product and customer data. Here's exactly how we protect it.
Data Flow
Meeting notes, emails, or transcripts. Pasted manually or forwarded via email. Nothing is collected automatically.
Sent to Anthropic Claude using your own API key (BYOK). Zero data retention on Anthropic's side. The raw text exists in server memory only during processing (10-30 seconds), then it's discarded. Only structured entities and signals are kept.
Extracted entities, signals, and relationships are stored in your org's isolated database in Frankfurt. The original transcript is never persisted.
Security
All data stored in Frankfurt (eu-central-1). No US data transfer for storage.
Use your own Anthropic API key. AI calls go directly to Anthropic under their zero data retention policy. Gravii never sees your prompts or responses.
Row-level security enforced at the database level on every table. Your data is invisible to other organizations.
Gravii doesn't train models. With BYOK, Anthropic's zero retention policy means your content isn't used for training either.
Infrastructure
Supabase
SOC 2 Type II. Database and auth.
Vercel
SOC 2 Type II. Application hosting.
Anthropic
Zero data retention API. AI processing.
Cloudflare
SOC 2 Type II. DNS, email routing, edge security.
Roadmap
Transparency
During AI processing, your transcript exists in cleartext in server memory for 10-30 seconds. After extraction, only structured data is stored. With BYOK, Anthropic never retains the content.
Gravii is an early-stage product. We don't have SOC 2 yet, but every infrastructure provider we depend on does. We're building security into the architecture from day one.
Have a security question? Reach out directly.