Solvren security baseline
Solvren is designed as a risk intelligence and execution layer, not a source-of-truth financial system.
Solvren minimizes sensitive data by default: it stores operational signals, derived impact, and hashed identifiers rather than persisting unbounded raw source-of-truth payloads. Historical rows that predate this policy may still exist; they are being migrated in phases and are subject to defined retention.
Solvren is designed with HIPAA-ready architecture principles, SOC 2-aligned controls, and FedRAMP-informed security practices. We do not claim HIPAA compliance, FedRAMP authorization, or SOC 2 certification unless and until formally achieved.
Baseline controls include:
- Data minimization by design (inbound integration payloads classified, redacted, and normalized at persistence)
- Tenant isolation through Supabase Row Level Security
- Role-based access control
- TLS encryption in transit
- Database encryption at rest through managed infrastructure
- Encrypted storage for sensitive credentials (hardening in progress)
- Automated secret scanning
- Restricted production debugging
- Security headers and Content-Security-Policy (incremental hardening)
- Audit logging for sensitive administrative actions
- No default employee access to customer-sensitive data; authorization workflows for such access are planned
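The data-minimization control above (inbound payloads classified, redacted, and normalized at persistence, with identifiers stored only as hashes) is easiest to reason about as a single function that every persistence path must go through. The following is an added example, not Solvren's own code: the field names, the classification map, the `IDENTIFIER_PEPPER` environment variable, and the sample payload are all assumptions made for illustration. It uses a keyed hash (HMAC-SHA256 with a server-side pepper) for identifiers, because a plain SHA-256 of an email address or account id is reversible by dictionary attack, and it treats any field not explicitly classified as droppable, so a new upstream field is never persisted by accident.

```python
"""Data minimization at persistence: an added example, not Solvren's own code.

Models the step the baseline describes (inbound integration payloads
classified, redacted and normalized before they are stored) for one
constructed payload. Field names, the classification map, the pepper
source and the sample payload are assumptions made for this example.
"""
import hashlib
import hmac
import os
from datetime import datetime, timezone

# How each known inbound field is treated. Unknown fields fall through to
# DROP, so a new upstream field is never persisted by accident.
IDENTIFIER = "identifier"  # persisted only as a keyed hash
SIGNAL = "signal"          # operational value, persisted after normalization
DROP = "drop"              # raw source-of-truth data, never persisted

FIELD_CLASSES = {
    "account_id": IDENTIFIER,
    "customer_email": IDENTIFIER,
    "balance_cents": SIGNAL,
    "days_past_due": SIGNAL,
    "status": SIGNAL,
    "observed_at": SIGNAL,
    "notes": DROP,           # free text: may contain anything, including PHI
    "account_number": DROP,  # source-of-truth identifier, not needed downstream
}


def hash_identifier(value: str, pepper: bytes) -> str:
    """Keyed hash (HMAC-SHA256) of a canonicalized identifier.

    Canonicalizing first (trim, lowercase) means the same account hashes to
    the same value regardless of how the upstream system spelled it, so
    events can still be correlated without storing the identifier itself.
    """
    canonical = value.strip().lower()
    return hmac.new(pepper, canonical.encode("utf-8"), hashlib.sha256).hexdigest()


def normalize_signal(name: str, value):
    """Coerce an operational signal into the single form the schema stores."""
    if name == "observed_at":
        ts = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)
        return ts.astimezone(timezone.utc).isoformat()
    if name == "status":
        return str(value).strip().lower()
    return int(value)  # balance_cents, days_past_due: fail loudly on garbage


def minimize_payload(payload: dict, pepper: bytes) -> dict:
    """Return the only row that may reach the database for this payload."""
    row = {}
    dropped = []
    for name, value in payload.items():
        cls = FIELD_CLASSES.get(name, DROP)
        if cls == IDENTIFIER:
            row[f"{name}_hash"] = hash_identifier(str(value), pepper)
        elif cls == SIGNAL:
            row[name] = normalize_signal(name, value)
        else:
            dropped.append(name)  # record the name for audit, never the value
    row["dropped_fields"] = sorted(dropped)
    return row


# Constructed inbound payload from a hypothetical billing integration.
SAMPLE_PAYLOAD = {
    "account_id": "ACC-000123",
    "customer_email": " Jane.Doe@Example.com ",
    "balance_cents": "152000",
    "days_past_due": 31,
    "status": "PAST_DUE",
    "observed_at": "2024-05-01T12:00:00Z",
    "notes": "Called customer; mentioned a hospital stay",
    "account_number": "4111111111111111",
    "upstream_extra": "new field the vendor added this week",
}


def load_pepper() -> bytes:
    """Pepper comes from the environment (assumed variable name IDENTIFIER_PEPPER)."""
    pepper = os.environ.get("IDENTIFIER_PEPPER")
    if not pepper:
        raise RuntimeError("IDENTIFIER_PEPPER is not set; refusing to persist")
    return pepper.encode("utf-8")


if __name__ == "__main__":
    demo_pepper = b"demo-only-pepper"  # a real deployment uses load_pepper()
    print(minimize_payload(SAMPLE_PAYLOAD, demo_pepper))
```

Two design points worth keeping in mind. A keyed hash is pseudonymization, not anonymization: whoever holds the pepper can re-link a hash to an identifier, so the pepper belongs in the secrets store alongside the other sensitive credentials, never in the same database as the hashes. And the deny-by-default classification is what makes the "unbounded raw payloads are never persisted" claim hold over time; an allowlist that must be extended before a new field is stored is the check that keeps integrations from silently widening what the system retains.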