Security
Security and data handling
Daviah is the data layer for regulated supply-chain operations. The substance below is contractual in your Master Services Agreement, not aspirational. Where we cannot yet make a claim — for example, SOC 2 attestation in progress — we say so plainly.
Data residency
Your Customer Data is stored and processed in the AWS region you elect at contract signing — United States (us-west-1) or European Union. The election is contractual. We do not transfer your data outside your elected region except for transient, inference-only AI processing through AWS Bedrock as described below, or with your prior written consent. Changing region requires an amended Order Form and a planned data-migration operation performed by Daviah.
Tenant isolation
Each customer runs in a dedicated tenant. Access is scoped to your tenant; no customer can access another tenant's data, configuration, or resources. Isolation is enforced at the database layer through row-level security, not only at the application layer.
Audit logs
The Service maintains tamper-evident, hash-chained audit logs of every Service action — by your users and by Daviah personnel — within your tenant. Every entry's hash is linked to the prior entry's hash; tampering is detectable on rebuild. Default retention is seven years, aligned with SOX 17a-4 record-retention principles. You may configure retention for your tenant from 1 to 30 years through tenant admin. After 365 days, entries archive from the operational database to encrypted object storage within your elected region but remain queryable through the Service throughout the retention period. Each entry is stamped with the retention policy in effect at insert time; policy changes do not retroactively alter historic audit data.
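How a hash-chained log makes tampering detectable on rebuild, shown as an added example. This is not Daviah's implementation: SHA-256, the JSON canonicalization, the entry fields, and the externally stored head hash are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value used as the first entry's prev_hash


def entry_hash(prev_hash, body):
    """Hash the prior entry's hash together with a canonical form of the body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


def append(log, actor, action, retention_years):
    """Append an entry linked to the prior one; retention is stamped at insert time."""
    prev = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "actor": actor, "action": action,
            "retention_years": retention_years}
    log.append({"body": body, "prev_hash": prev, "hash": entry_hash(prev, body)})


def verify(log, expected_head=None):
    """Rebuild the chain from the start; return (ok, index of first bad entry)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["body"].get("seq") != i:
            return False, i          # entry removed or reordered
        if entry["prev_hash"] != prev:
            return False, i          # link to the prior entry is broken
        if entry_hash(prev, entry["body"]) != entry["hash"]:
            return False, i          # body changed after insert
        prev = entry["hash"]
    # A head hash kept outside the log catches truncation of the tail,
    # which the chain alone cannot reveal.
    if expected_head is not None and prev != expected_head:
        return False, len(log)
    return True, None


def build_sample_log():
    """Constructed sample entries (hypothetical actors and actions)."""
    log = []
    append(log, "user:alice", "supplier.update", 7)
    append(log, "staff:support", "tenant.read", 7)
    append(log, "user:bob", "export.start", 10)  # policy changed to 10 years
    return log
```

Editing an entry in place fails at that entry. Editing it and recomputing its own hash fails at the next entry, because that entry's stored prior-hash no longer matches.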
Backups and disaster recovery
We maintain automated backup procedures for the operational database supporting the Service, consistent with AWS RDS managed-backup capabilities for your elected region. Backups and point-in-time recovery snapshots are stored within your elected region and are never replicated outside it. Specific backup frequency and recovery-point objectives are set out in your SLA.
Identity and access
SSO and SCIM provisioning are included on every plan tier. No separate identity add-on, no per-seat SSO surcharge.
AI and machine-learning data handling
AWS Bedrock processes Customer Data for inference only. We do not train, fine-tune, or otherwise improve any third-party AI/ML model on your data, and we do not permit any sub-processor to do so. Aggregated and anonymized data — irreversibly stripped of identifiers that could be used to identify you, your users, your suppliers, or any natural person — may inform our internal product analytics and roadmap, but is never sold, licensed, published, or redistributed.
Sub-processors
AWS · AWS Bedrock · Whisp (operated by FAO, JRC, and WRI, for deforestation-risk plot screening). Current and complete sub-processor list available on request and maintained in your Data Processing Addendum.
What happens to your data when the contract ends
For 30 days following expiration or termination, your administrative users retain access to the Service for the sole purpose of exporting your Customer Data through the tenant data-export functionality, at no additional charge. After the 30-day wind-down period, your tenant transitions to deleted status — your data remains in the Service's storage systems but is not accessible through the Service interface. You may, at any time after the wind-down period, request full data deletion in writing; we delete from operational and archival systems within 30 days, except for audit log entries we are required to retain by SOX, any data we are required to retain by law or legal hold, and aggregated data which is no longer Customer Data.
Legal documents
Master Services Agreement · Data Processing Addendum · Security Schedule · Service Level Agreement · Order Form templates. Request the legal packet.
SOC 2
SOC 2 Type I attestation is in progress. We will not claim attestation until the signed report exists.
Need depth on a specific control or sub-processor before signing? Email admin@daviah.io and the founder will respond directly.
© 2026 Daviah IO. All rights reserved.