Trust Center

Don't trust us. Verify us.

How we protect your data, prove the integrity of every governance decision, and let you check that proof yourself — without asking us, and without trusting our infrastructure.

What we prove — and how you check it yourself

Every critical governance decision is hashed, batched into a Merkle tree, and anchored on a public blockchain. You can re-derive the proof independently.

1 · Hash

Each governance decision is hashed (SHA-256) the moment it is recorded. The hash covers the decision and its context — change one byte and the hash no longer matches.

2 · Merkle batch

Hashes are combined into a Merkle tree. A single compact root commits to thousands of decisions at once, and any one decision can be proven to belong to that root.

3 · On-chain anchor

The Merkle root is written to the Flare blockchain. Neither we nor anyone else can alter it afterwards — the anchor is public and permanent.

Why blockchain?

Write-once storage (WORM) proves to the operator that records were not tampered with. Blockchain attestation goes one step further: it makes proofs third-party-verifiable, so an auditor or regulator can confirm a decision without trusting us — or our infrastructure.

It is "and", not "or": WORM as a pluggable attestation anchor, for customers whose policies require it, is on the roadmap. Planned

You don't have to route your traffic through us

Three ways to bring governance to your AI — chosen per system. Only one of them sits in your request path.

Gateway enforcement

Real-time: traffic passes through the gateway, policies are enforced inline, and every call is logged. Use it where you want blocking, not just observation.

Governance control plane

Platform-native agents (Salesforce, Copilot, ServiceNow) that cannot be proxied send events to Palveron without rerouting their traffic. Governance and evidence, without sitting in the path.

Browser Guard

Server-side

Governs AI usage in the browser with no proxy in front of it. PII masking runs server-side — we say so plainly; if you need processing inside your own perimeter, self-host the gateway.

The platform that transports your traffic and runs your agents cannot, at the same time, independently attest to what they did.

That is why Palveron sits alongside your network and CDN, not instead of them. Keep Cloudflare in front — Palveron adds the independent, third-party-verifiable record of what your AI actually did. Complementary, not competing.

How your data is protected

Encryption at every layer, an audit trail that cannot be rewritten, and strict tenant isolation.

LayerHow it is protected
Data at restAES-256-GCM. Tenant provider keys (BYOM) are encrypted at rest; API keys are stored hashed, never in plaintext.
Data in transitTLS 1.2 and 1.3, terminated by Cloudflare at the edge.
Trace content (prompts / responses)Encrypted with a three-layer envelope (root key → per-organization key → per-trace key), so one tenant's content stays cryptographically isolated from another's.
Key storageThree independent key scopes (trace content, provider keys, durability buffer), each rotatable on its own. Customer-held keys (BYOK) are planned.

Immutable audit trail

Audit records are append-only, enforced by database triggers — no update, no delete. Who did what is enforced by a database foreign key: every audit row resolves to a real, canonical user identity.

Tenant isolation

Multi-tenancy is enforced at the database level via Organization and Project binding. Every query is scoped to the authenticated project; no cross-tenant access is possible.

Role-based access

A five-role model (Platform Admin, Owner, Admin, Editor, Viewer). Dashboard-only surfaces reject machine keys; data endpoints accept scoped API keys.

Browser Guard data flow

Server-side

The Browser Guard sends captured activity to the gateway, where PII detection and masking run server-side before anything is stored. We never claim on-device masking — if that is a requirement, self-host the gateway so the flow stays inside your perimeter.

As of 2026-07-07

Compliance readiness

Readiness tracking, controls mapping, and evidence export across the frameworks below.

EU AI Act· 12 controlsDORA· 9 controlsNIST AI RMF· 7 controlsGDPR· 8 controlsHIPAA· 7 controlsSOC 2· 10 controlsISO 27001· 17 controlsISO 42001· 11 controlsOWASP Agentic· 10 controlsSingapore PDPA· 8 controlsColorado AI· 8 controls

Not yet certified — and we will say so

Planned

Palveron maps to these frameworks and produces audit evidence, but we are not currently SOC 2 or ISO 27001 certified. Those certifications are planned. We would rather tell you that than imply a badge we have not earned.

Read the compliance documentation
As of 2026-07-07

Where your data lives

Customer data is stored in the EU (Hetzner, Germany). Below is every sub-processor that touches it.

ProviderPurposeDomicile / data location
Hetzner Online GmbHHosting, computeGermany (EU)
Supabase Inc.Database (PostgreSQL)Data in EU (Frankfurt, eu-central-1); US entity, SCCs
Kinde Technologies Pty LtdAuthentication, SSOAustralia (EU adequacy decision)
Stripe Payments Europe, Ltd.Payment processing (hosted Checkout, only after an active click)Ireland / US (SCCs)
Resend Inc.Transactional email (contact, waitlist)US entity, EU region (eu-west-1); SCCs
Flare NetworkBlockchain attestation (SHA-256 hashes only, no personal data)Decentralized
Cloudflare, Inc.CDN, DNS, DDoS protection, TLSGlobal edge; US entity, SCCs

Payment data is processed by Stripe only after you actively start a checkout, on Stripe's hosted page — no Stripe scripts run on palveron.com. Cloudflare acts as a TLS-terminating proxy in front of the platform. Provider names link to each sub-processor's DPA where a public one exists.

As of 2026-07-07

Deployment options

Run Palveron the way your risk model demands.

SaaS (EU)

Fully managed in the EU. Contractual uptime targets of 99.5% (Business) and 99.9% (Enterprise).

Self-hosted

Guided setup

Docker, Helm, and Kubernetes manifests ship today. Fresh installs are currently a guided setup for design partners — we will not pretend it is a one-command install yet.

Air-gapped & BYOK

Planned

Fully air-gapped deployment and bring-your-own-key encryption are on the roadmap. Talk to us if this gates a contract.

Responsible disclosure

Found a security issue? Report it to us privately. We acknowledge every report within two business days and keep you posted as we investigate. Please do not disclose publicly until we have had a chance to fix it.

[email protected]