Security & Privacy

Your competitive intelligence deserves the highest level of protection

Your data is never used for AI training

Vere uses Anthropic's commercial API which explicitly prohibits using customer data for model training. This is a contractual guarantee, not just a setting. Your sales playbooks, competitive intel, customer stories, and deal strategies stay yours alone.

AI Provider Policies

  • No model training - Commercial API terms prohibit it
  • 7-day retention - Then automatically deleted
  • Zero Data Retention - Available for enterprise customers
  • Your content stays private - Anthropic staff cannot view it

We use Anthropic's commercial API, not consumer Claude. This provides fundamentally stronger protections.

Database-Level Isolation

  • Row-Level Security - PostgreSQL enforces tenant isolation
  • Defense in depth - Database blocks cross-tenant access even if app has bugs
  • 19 protected tables - All sensitive data covered by RLS policies
  • Audit-friendly - Security teams can verify isolation independently

Most SaaS platforms rely solely on application-layer filtering. We go further with database-enforced isolation.

Encryption

  • TLS 1.3 - All data encrypted in transit
  • AES-256-GCM - SSO credentials encrypted at rest
  • AES-256-CBC - OAuth tokens encrypted
  • bcrypt (12 rounds) - Passwords one-way hashed

Authentication

  • SSO Support - SAML 2.0 and OIDC (Okta, Azure AD, Google)
  • Configurable session length - Token expiry adjustable per tenant
  • Secure cookies - httpOnly, Secure, SameSite=Strict
  • Account lockout - Protection against brute force

Common Questions

Will my competitive intelligence be used to train AI models?

No. Never. Vere uses Anthropic's commercial API which explicitly prohibits using customer data for model training. This is a contractual guarantee, not just a setting you can toggle. Your sales playbooks, competitive intel, and deal strategies stay yours alone.

Can other Vere customers see my data?

No. Impossible by design. We implement Row-Level Security at the PostgreSQL database layer. This means even if our application code had a bug, the database itself would refuse to return data from other organizations. Your data is cryptographically isolated.

How long does Anthropic keep my data?

API data is retained for just 7 days for safety monitoring, then automatically deleted. Enterprise customers can request Zero Data Retention agreements where inputs and outputs aren't stored at all.

What about compliance certifications?

Our infrastructure providers (AWS, Cloudflare, Stripe) are SOC 2 Type II certified. We're evaluating platform-level SOC 2 certification as we scale. GDPR and CCPA requirements are supported. Contact us to discuss your specific compliance needs.

Infrastructure Partners

AWS SOC 2 Type II Certified
Cloudflare SOC 2 Type II Certified
Stripe PCI DSS Level 1
Anthropic Commercial API Terms

Questions?

Our team is happy to discuss your security requirements, complete questionnaires, or provide additional documentation.

Email: security@getvere.com

We respond within 2-3 business days. For formal security questionnaires (SIG Lite, CAIQ), allow 5-7 business days.