Trust Center

Security and Trust

Prova is used in regulated industries to produce auditable records of AI reasoning. Prova takes security and data privacy seriously.

SOC 2

Type 1 planned

We have not started a SOC 2 audit yet. We plan to begin SOC 2 Type 1 readiness when we onboard our first design partner. Our security documentation (this questionnaire, the DPA, and the subprocessor list) is available now under NDA.

See the controls we operate today, mapped to the Trust Services Criteria

Security

Encryption in transit

All traffic uses TLS 1.2 or later. API endpoints enforce HTTPS.

Encryption at rest

Supabase encrypts data at rest using AES-256.

Authentication

Supabase Auth with email/OAuth. API keys are stored as SHA-256 hashes only. The raw key is never retrievable.

Access control

Row-level security on all tables. Service role key is server-side only, never exposed to the browser.

Secret management

Environment variables managed via Vercel and Render. No secrets in source code or version control.

Vulnerability disclosure

Report issues to security@cobound.dev. See security.txt.

Data Practices

What we store

Each AI decision is a signed receipt (an AIDecisionEvent): its kind, source, the payload you send, any policy verdicts and detector findings, and the Ed25519 signature over all of it. You can verify any receipt yourself, offline, against the published public key; the in-browser verifier is at /proof. The signed receipt is the audit trail, so the payload is stored; send only what you need recorded. Only a hash of your API key is kept, never the raw key.

Self-hosted and air-gapped

For full data control, the self-hosted bundle (docker-compose and Helm) keeps every receipt inside your own perimeter, with nothing sent to Prova. Air-gapped deployments are supported.

EU data residency

Available on Enterprise plans: all data stored in the Supabase EU region so nothing leaves the EEA. Self-hosted deployments give you residency control by default.

Retention and deletion

Receipts are retained as your audit trail while your account is active. Account data is deleted within 30 days of account closure, and you can request deletion of your receipts at any time.

Legacy verifier

The original reasoning-chain verifier is a separate path: it stores a certificate plus a fingerprint of the input and accepts a retain flag, so reasoning text is not persisted unless you opt in. See /docs/privacy.

Documents

Questions about security or compliance?

I respond to enterprise security reviews within one business day.