Security
How we protect your data
Orviora connects to your social accounts and learns from your content, so keeping that data safe is part of the product, not an afterthought. Here is how we handle it.
Encrypted in transit and at rest
Traffic is served over TLS 1.3, and your data is encrypted at rest.
Encrypted credentials
Social account tokens and provider keys are encrypted before they are stored.
Tenant isolation
PostgreSQL row-level security separates every workspace's data at the database layer.
Audits and testing
We run regular security audits and penetration testing against the platform.
Access controls and audit logs
Access follows least privilege, and security-sensitive actions are recorded in audit logs.
Retention and deletion
Delete your account and we remove your personal data within 30 days.
Your data, your rights
We do not sell your personal data. Depending on your jurisdiction, you can exercise the rights below at any time.
- Access and receive a copy of your personal data
- Correct inaccurate data
- Request deletion of your data
- Object to or restrict processing
- Export your data (portability)
- Withdraw consent at any time
Full detail lives in our Privacy Policy.
Working with AI providers
Scoring and content generation send your content to third-party AI providers under data processing agreements. The providers we use may change as the product evolves, and the current list is disclosed in your data processing agreement on request.
Enterprise customers can request a Data Processing Agreement and details on sub-processors through our contact form.
Found a vulnerability?
We welcome responsible disclosure. If you believe you have found a security issue, email us at [email protected] with the details and steps to reproduce, and give us a reasonable window to respond before any public disclosure.