SECURITY.

We handle sensitive data for individuals, teams, and regulated organizations. That responsibility informs every technical and operational decision we make.

Our security program is designed to be conservative, transparent, and verifiable. We assume scrutiny. We plan for failure modes. We prioritize clarity over claims.

If you ever identify a security concern or vulnerability, contact us directly at security@paveer.com.

Paveer operates on Google Cloud Platform infrastructure and leverages Google’s enterprise security controls as the foundation of our environment.

We maintain SOC 2 Type II certification, perform continuous internal security testing, and engage independent third parties for annual penetration testing.

Our internal program includes secure code review, zero-trust access controls, device posture enforcement, incident response training, and disaster recovery exercises aligned with industry best practices.

Assessment reports are available upon request by contacting security@paveer.com.

Paveer is delivered as a secure web application accessible via modern browsers. We support hosted demonstrations, proofs of concept, and enterprise deployments.

Enterprise deployments can be configured to meet specific compliance, data handling, and operational requirements, including SSO, audit logging, and controlled ingestion pipelines.

Authentication via SAML (Microsoft Entra, Okta, Google Workspace) is supported for enterprise customers.

Customer data is transmitted securely to Paveer infrastructure hosted on Google Cloud Platform. All data in transit is encrypted using industry-standard TLS, and data at rest is encrypted using managed cloud encryption services.

Depending on deployment, data may be processed internally or routed to approved inference providers. Video content is not used for analytics logging.

Processing workflows are designed to minimize data exposure while maintaining operational reliability.

Chronos is a collaborative agent that performs multi-step reasoning with a human-in-the-loop.

Tool actions are visible, approvals are explicit, and no side-effecting changes occur without user confirmation.

Customers retain ownership of their data and control how it is provided, retained, and accessed within their environment.

We work with customers to align on access controls, retention policies, audit requirements, and contractual safeguards appropriate to their risk profile.

By default, Paveer maintains a seven-day retention period for video data and associated artifacts to support quality assurance and error recovery.

Retention periods can be shortened, extended, or disabled entirely through contractual agreement.

Customers with heightened security requirements may opt out of model training using their data.

If you believe you have identified a security vulnerability, report it to security@paveer.com.

We acknowledge legitimate reports promptly and address confirmed issues as quickly as practicable.