Security

Security at Avirt rests on three ideas: your data is yours, AI is led but human-accountable, and verification is explicit. We build so that a decision can always be reconstructed, an automated action can always be reversed, and your records can always be exported.

• Encryption — data is encrypted in transit (TLS) and at rest.
• Verified payments — we confirm status through supported rails and never store full card or bank credentials.
• Minimization — we collect what the workflow needs and retain it only as long as required.
• Portability — export your records and Customer Memory at any time, on any plan.

• Reversible actions — every automated action keeps an undo path, visible in the audit timeline.
• Named approvals — high-risk decisions (credit, clinical, deal-stage) route to a named human.
• Explicit verification — Pending, Under Review, and Verified are real states, never assumptions.
• Audit-ready records — AI activity stays inspectable so outcomes can be reconstructed.

Access to your workspace is role-based, and administrative controls include an AIOS kill-switch on higher plans. Enterprise workspaces support schema-per-tenant data isolation so regulated businesses keep a hard boundary around their data.

We align our handling with the NDPR and comparable regimes in the markets we serve, and we generate audit-ready records to support your own compliance work. Regulated actions depend on customer-held licenses, licensed partners, or jurisdiction-specific approvals before activation. Avirt provides tools to support compliance; it does not assume your regulatory obligations.

If you believe you’ve found a vulnerability, we want to hear from you. Please disclose responsibly and give us a reasonable window to respond before any public disclosure.