Security and Compliance at Palveron
How we protect your data, meet regulatory requirements, and ensure the integrity of every governance decision.
Security Overview
Encryption
AES-256-GCM at rest, TLS 1.3 in transit: all customer data is encrypted both while stored and while moving between client, gateway, and database. Storage encryption is applied at the database level via Supabase. Blockchain hashes provide an additional, independent integrity check on governance records.
Infrastructure
Gateway core written in Rust/Axum for maximum performance and memory safety. Hosted on Hetzner (EU, Germany). Circuit breaker patterns, health checks, and graceful degradation built in.
Access Control
5-role RBAC model (Owner, Admin, Member, Viewer, Billing). Multi-tenancy with Organization and Project isolation. Every API call authenticated via dual-auth (API-Key + JWT).
Authentication
Kinde Auth with SSO/SAML/OIDC support (Business and Enterprise). Session management with secure token rotation. Abstracted behind AuthProvider for replaceability.
Compliance Frameworks
The platform supports readiness tracking, controls mapping, and evidence export for 12 regulatory frameworks.
Data Residency
EU-Only Hosting
All customer data is stored in the European Union (Hetzner, Frankfurt/Germany). No data leaves the EU unless explicitly configured for on-premise deployment. Data region is configurable per project.
Tenant Isolation
Multi-tenancy is enforced at the database level: every row is bound to an Organization and a Project, and row-level security policies on all tables filter reads and writes by that binding. Cross-tenant data access is rejected by the database itself rather than left to application code.
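To make the tenant-isolation mechanism concrete, the following is an added illustration of Postgres row-level security as Supabase exposes it; it is not Palveron's schema or policy set. The table name, the column names, the `org_id` JWT claim, and the `authenticated` role are assumptions for the example (Supabase and PostgREST do place the verified JWT in the `request.jwt.claims` setting, which is what the helper reads).

```sql
-- Added example, not Palveron's own schema. Assumed names: the table
-- governance_decisions, the JWT claim "org_id", and the role "authenticated".
create table governance_decisions (
    id              uuid primary key default gen_random_uuid(),
    organization_id uuid not null,
    project_id      uuid not null,
    decision_hash   text not null,
    created_at      timestamptz not null default now()
);

grant select, insert, update, delete on governance_decisions to authenticated;

-- Without RLS, any role that can SELECT on the table sees every tenant's rows.
-- Enabling RLS flips the default to deny-all; FORCE applies it to the table
-- owner as well, so a misconfigured service role does not silently bypass it.
alter table governance_decisions enable row level security;
alter table governance_decisions force row level security;

-- Helper: read the tenant from the verified JWT that PostgREST/Supabase stores
-- in request.jwt.claims. Returns NULL when the claim is missing, so every
-- policy below fails closed instead of matching everything.
create or replace function current_org_id() returns uuid
language sql stable as $$
    select nullif(current_setting('request.jwt.claims', true)::jsonb ->> 'org_id', '')::uuid
$$;

-- Reads: a row is visible only if its organization matches the caller's claim.
create policy tenant_select on governance_decisions
    for select to authenticated
    using (organization_id = current_org_id());

-- Writes: WITH CHECK applies the same test to the new row, so a client cannot
-- insert or move a row under another tenant's organization_id.
create policy tenant_insert on governance_decisions
    for insert to authenticated
    with check (organization_id = current_org_id());

create policy tenant_update on governance_decisions
    for update to authenticated
    using (organization_id = current_org_id())
    with check (organization_id = current_org_id());

create policy tenant_delete on governance_decisions
    for delete to authenticated
    using (organization_id = current_org_id());

-- Check: simulate one request carrying tenant A's claim and look for rows of
-- any other tenant. The count is always 0; other tenants' rows are absent,
-- not an error. set_config(..., true) is transaction-local, hence the BEGIN.
begin;
set local role authenticated;
select set_config('request.jwt.claims',
                  '{"sub":"user-1","org_id":"11111111-1111-1111-1111-111111111111"}',
                  true);
select count(*) as leaked_rows
  from governance_decisions
 where organization_id <> '11111111-1111-1111-1111-111111111111';
rollback;
```

The two points a reviewer should verify on any RLS setup like this: that FORCE ROW LEVEL SECURITY is on so the owning role is also constrained, and that the claim-reading helper returns NULL rather than a default when the claim is absent, since a policy comparing against NULL matches no rows.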
Sub-Processors
Public Blockchain Verifier
Every critical governance decision can be independently verified against the Flare blockchain. No account required. Share the verification link with auditors, regulators, or customers.
Responsible Disclosure
If you discover a security vulnerability, please report it responsibly. We investigate all reports and aim to resolve confirmed vulnerabilities within 72 hours. Do not disclose vulnerabilities publicly before they are resolved.