Security

Last Updated: June 3, 2026

Your data, your control

The short version: your Kaevo data is encrypted in transit and at rest, isolated per-user at the database engine level, and never sold or used to train AI. You can export everything anytime, and request deletion at any time.

Encryption

Isolation

Every row of your data is tagged with your user ID. Kaevo uses Supabase's row-level security (RLS), which enforces isolation at the database engine — not in application code. Database queries are physically incapable of returning another user's data, regardless of application bugs or misconfigurations.

Your data is yours

Payments

Card data is handled directly by Stripe (PCI DSS Level 1). Your card number, CVV, and full card details never touch Kaevo servers. We can see: your subscription status, your billing email, and the last 4 digits of your card.

AI Assistant

When you chat with Kaevo's AI Assistant, the context relevant to your question is sent to Anthropic to generate a response. Per Anthropic's commercial API terms:

Account access

Reporting security issues

If you discover a security issue, please email security@kaevo.ai. We acknowledge reports within 48 hours.

What we don't do