NewPrava v3.0 โ€” 30 security modules now live.What's new โ†’
  1. Home
  2. Security & Trust

Security by architecture.
Privacy by design.

Trust isn't a marketing claim โ€” it's a technical commitment embedded in every layer of the Prava platform. Here's how we secure what we build.

Security Architecture

Secure-by-design infrastructure.

๐Ÿ”

Ephemeral Compute

GCP e2-standard-4 instances destroyed after each task. No cross-session data persistence. gVisor sandbox with strace syscall logging.

๐Ÿ›ก๏ธ

Encryption

AES-256 in transit and at rest. Cryptographic erasure on deletion. NIST SP 800-88 Clear/Purge/Destroy standards.

๐ŸŒ

Network Isolation

VPC firewall with restricted egress. Non-root service accounts. Strace syscall logging. Zero-trust internal architecture.

๐Ÿงช

Annual Pen Testing

Independent third-party security assessment conducted annually. Bug bounty program via responsible disclosure.

Responsible AI

AI you can verify, trust, and govern.

Prava is built with AI governance at the core โ€” not as an afterthought.

๐Ÿ‘๏ธ

Human Oversight

AI outputs require human review before any enforcement action. Source attribution mandatory on all AI reasoning chains.

๐Ÿ“

ISO 42001 Aligned

AI governance framework aligned with ISO/IEC 42001 AI Management System. Documented AI risk management policies.

๐ŸŽฏ

Hallucination Mitigation

GraphRAG knowledge graphs ground every AI output in verifiable sources. Confidence scoring on all security findings.

Privacy Framework

Compliant. Documented. Continuous.

๐Ÿ‡ช๐Ÿ‡บ
GDPR compliant
privacy@swiftsafe.com ยท DPO: dpo@swiftsafe.com ยท 72-hour breach notification ยท DPIA workflow
๐Ÿ‡ฎ๐Ÿ‡ณ
DPDP 2023 (India)
Grievance: grievance@swiftsafe.com ยท Data principal rights within 30 days
๐Ÿ›๏ธ
Privacy by Design
Embedded in our SDLC. Data minimisation by architecture. Default privacy settings.
๐Ÿ“‹
Sub-processor governance
All sub-processors have DPAs with Standard Contractual Clauses and audit rights.
Certifications & Roadmap

Where we stand. Where we're going.

โœ“ CompletedAnnual Penetration Testing
โœ“ AlignedISO/IEC 42001 AI Governance
In ProgressISO 27001:2022 CertificationQ1โ€“Q2 2026
In ProgressSOC 2 Type IIQ1โ€“Q2 2026
Responsible Disclosure

Working with the security community.

Prava is committed to working with security researchers and the broader security community to identify and fix vulnerabilities responsibly. We treat researchers as partners.

How to report

Email privacy@swiftsafe.com with subject prefix [SECURITY] or [PLACEHOLDER: security@prava.ai when established]. Provide reproduction steps, impact assessment, and any proof-of-concept artifacts.

Our commitment

  • โœ“ Acknowledgement within 24 hours
  • โœ“ Regular updates throughout investigation
  • โœ“ No legal action for good-faith research
  • โœ“ Public credit for researchers (with permission)

In scope

  • โ€ข prava.ai and all subdomains
  • โ€ข Prava platform functionality
  • โ€ข API endpoints
  • โ€ข Authentication flows

Out of scope

  • โ€ข Social engineering attacks
  • โ€ข Physical attacks
  • โ€ข Denial of service testing
  • โ€ข Issues in third-party services

Cookie Policy

We use the following categories of cookies:

  • Strictly necessary: session authentication, security tokens, CSRF protection. Cannot be disabled.
  • Analytics (with consent): anonymised platform usage analytics to improve the product. Opt-out anytime.
  • No advertising cookies: we do not use third-party advertising cookies.