Trust & Security

Your data security is our foundation.

Nerve sees the most sensitive parts of your business — your pipeline, your revenue, your customers. We treat that access as a responsibility. Here is exactly how we protect it, from the database to the AI.

Data Isolation

Every customer is a separate tenant. Your data is fenced off at the database level — not just in the application.

  • Row-level security on every table, keyed to your tenant
  • No shared tables, no cross-tenant queries
  • Each request is scoped to your account before it touches data

Encryption

Your data is encrypted everywhere it lives and everywhere it travels.

  • AES-256 encryption at rest
  • TLS 1.2+ for all data in transit
  • Application-level AES-256-GCM encryption on sensitive contact fields

AI Data Handling

The AI works on what it needs and nothing more. Personal identifiers are masked before they ever leave Nerve.

  • Emails, phone numbers, and IDs masked before reaching the model
  • Anthropic does not train on API data and retains nothing
  • Secrets and API keys stripped from every prompt

Infrastructure

Nerve runs on hardened, managed infrastructure with no servers for us — or anyone — to misconfigure.

  • Hosted on Vercel and Supabase (AWS), SOC 2 providers
  • Automated daily backups with point-in-time recovery
  • A public health endpoint continuously verifies core services

AI Safety

Nerve checks its own output. Unsafe responses are caught before they reach you.

  • Toxicity and unsafe-advice screening on generated content
  • Prompt-injection defense on every external document and data source
  • Untrusted content is sandboxed so it cannot rewrite Nerve’s instructions

Access Controls

Access to your account is tightly scoped and fully accountable.

  • Authenticated sessions with short-lived tokens
  • Server-side permission checks on every action
  • A tamper-evident audit ledger records who did what, when

Governed Autonomy

Nerve can act on your behalf — but only within limits you set, and it earns more trust over time.

  • Autonomy levels from observe-only to full auto, set by you
  • Actions must earn higher autonomy through a track record
  • Safe Mode automatically restricts autonomy if anything looks abnormal

Your Controls

You stay in charge of your data and what Nerve does with it.

  • Export or delete your data at any time
  • Approve, edit, or reject any AI action before it runs
  • Opt out of optional analytics with one click

Enterprise Security

Multi-factor authentication, single sign-on with Google and Microsoft, and IP-based access restrictions. Available on Growth and Scale plans.

  • Two-factor authentication (TOTP) on Growth and Scale
  • SSO with Google Workspace and Microsoft / Azure AD
  • IP allowlisting and enforced SSO-only login on Scale

Compliance Roadmap

We build to recognized standards today and are formalizing certification.

  • GDPR-aligned data handling and deletion
  • SOC 2 Type II audit in progress
  • Rate limiting and incident detection across the platform

Found something? Tell us.

If you believe you have found a security vulnerability in Nerve, we want to hear from you. Email us and we will respond quickly. We do not pursue good-faith researchers.

security@nervehq.ai