How is my data protected?
Security is a core requirement for Evari, not an afterthought. Your data — including your clients' insurance information — is protected at every layer of the platform.
Encryption
- In transit — all data is encrypted using TLS 1.2 or higher
- At rest — all stored data is encrypted using AES-256
- Credentials — integration credentials and API keys are stored in an encrypted secrets vault, never in plain text
Data isolation
Each customer's data is fully isolated. Your documents, configurations, and transaction history are not accessible to any other organisation on the platform.
What data does an assistant access?
Assistants only access the data you explicitly authorise through integrations. For example, if your assistant reads email attachments, it only processes emails in the inbox you connect — it cannot access other email accounts or systems you have not authorised.
Assistants cannot escalate their own permissions.
Does Evari staff have access to my data?
Our engineering and support teams have access controls in place that limit who can access customer data and under what circumstances. Access is logged and audited. We do not access your data unless you explicitly request support that requires it.
Compliance
Evari maintains compliance with:
- GDPR — for customers in the EU and UK
- SOC 2 Type II — see Is Evari SOC 2 compliant? for details
- Australian Privacy Act — for Australian customers
Security concerns
If you discover a potential security vulnerability, please contact us at security@evari.tech. See our security disclosure policy for full details.