We handle sensitive business files every day — invoices, leases, bank statements, tax forms. Security isn't a feature, it's the foundation everything else is built on.
Built on certified infrastructure, designed for regulated industries.
Neruva runs on Google Cloud Platform, which maintains SOC 1/2/3, ISO 27001, and ISO 27017 certifications. Our infrastructure inherits these controls.
Full data subject rights: export, forget, delete. One-click data erasure from the dashboard. We process data lawfully under legitimate interest and contractual necessity.
As a Canadian company, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). Your data is handled according to Canadian privacy law.
Multiple layers of security protect your data at every stage.
All data transmitted between your browser and our servers is encrypted using TLS 1.2+ (HTTPS). No exceptions, no fallback to unencrypted connections.
All stored data is encrypted at rest using AES-256, Google Cloud's default encryption standard. Encryption keys are managed by Google Cloud KMS.
Every account is a fully isolated namespace. No code path allows one account to access another's files or extracted data. This is our strictest architectural invariant.
Firebase Authentication with Google OAuth 2.0 or email/password. Sessions are managed with secure tokens. Multi-factor authentication (TOTP) is available for all accounts.
Role-based access within your account. Admin controls for user management, API key rotation, and billing. All actions are logged in the audit trail.
Uploaded files are stored in Google Cloud Storage with signed URLs that expire after 7 days. Files are isolated per account with path-level access controls.
Transparency about what happens to your files.
You own your files and all extracted data. We never claim ownership of your content. Export everything as CSV, JSON, or delete it permanently — anytime.
Your files are never used to train AI models. Not ours, not anyone else's. Files are processed for extraction only, then the extracted data is stored in your secure account.
Extracted data is retained until you delete it. Original files are stored for preview access with configurable retention. On account deletion, all data is permanently erased within 30 days.
One-click data erasure from Settings. This permanently destroys all your files, extracted data, and knowledge graph entries. Irreversible by design.
All services run on GCP (us-central1). Google Cloud maintains SOC 1/2/3, ISO 27001, ISO 27017, ISO 27018, and PCI DSS certifications.
Authentication, database, and file storage powered by Firebase — Google's enterprise application platform with built-in security controls and automatic scaling.
Payments processed by PayPal. We never see or store your credit card number. PayPal is PCI DSS Level 1 certified.
No. Your data is encrypted and isolated in your own namespace. We do not have a workflow or tool that allows browsing customer documents. Access would require explicit engineering action with audit logging.
We will notify affected customers within 72 hours, as required by GDPR and PIPEDA. We will provide details of what was affected and what steps we're taking. We maintain incident response procedures and conduct regular security reviews.
All data is stored in Google Cloud Platform's us-central1 region (Iowa, USA). Data is encrypted at rest with AES-256 and in transit with TLS 1.2+.
No. Never. Your documents are processed for extraction only. We use proprietary AI models that do not train on customer data.
Yes. One click in Settings > Security > Delete all data. This permanently erases all documents, extracted data, and knowledge graph entries. It cannot be undone.
We run on SOC 2-certified infrastructure (Google Cloud Platform). We are working toward our own SOC 2 Type II audit as we scale. Contact us at info@neruva.io for our current security documentation.
We take security seriously. If you have questions, need a security review, or want to report a vulnerability, contact us.
info@neruva.io