Security

Protecting every frame and prompt

Anivva follows the safeguards defined in the PRD: encrypted storage, scoped roles, and transparent incident response. This page summarizes the controls reviewers asked about most often.

Infrastructure

  • Hosted on Vercel with regional edge protection and automatic SSL.
  • Supabase manages Postgres + storage with nightly backups and point-in-time recovery.
  • All uploads are scanned for MIME spoofing before being promoted to projects.

Authentication

  • Supabase Auth with rotating refresh tokens and short-lived access tokens.
  • Session data is isolated per browser tab to keep public landing pages static.
  • Admin routes require row-level security (RLS) policies and server-side verification.

Data Protection

  • Prompts, frames, and generation metadata are encrypted at rest.
  • Access to production data is limited to on-call engineers.
  • We scrub uploaded samples for EXIF/PII before using them in demos.

Incident Response

If we detect unusual traffic or a data issue, we follow a 4-step runbook: identify, contain, eradicate, and learn. Customers receive updates within 24 hours for any incident impacting their content or access.

Contact

noreply@anivva.com

24/7 alias monitored by on-call engineers.

Status

status.anivva.com

Real-time updates for API and dashboard availability.
