Security & Trust
Built for businesses that cannot afford to get it wrong.
Zenvora holds your financial records — so we treat security as a core feature, not an afterthought. This page describes the controls in place today. We keep it honest: we only claim what we actually do.
Database-level tenant isolation
Every organization's data is separated by PostgreSQL row-level security — enforced in the database, not just the app. One business can never read another's records, even if application code has a bug.
Encryption in transit & at rest
All traffic is served over TLS, and data is encrypted at rest by our database provider. Sensitive fields such as employee tax identifiers are additionally encrypted at the application layer.
Authentication & 2FA
Accounts are protected by Supabase Auth with salted-hash password storage and optional TOTP two-factor authentication. Role-based access control (six roles) limits who can see and change financial data.
Immutable audit log
Sensitive actions are recorded in an append-only audit trail — who did what, and when — so every change to the books is accountable. Posted ledger entries cannot be edited or deleted, only reversed.
Encrypted backups
Data is backed up regularly with encryption and point-in-time restore, so your books can be recovered after accidental loss.
Reputable infrastructure
Zenvora runs on Supabase (PostgreSQL & auth) and Vercel (hosting). We use a minimal set of vetted sub-processors, each listed in our Privacy Policy.
Data ownership & compliance
Your business data is yours. We process it on your behalf, never sell it, and never use your records to train third-party AI models. You can export or delete your data at any time. For data-protection details see our Privacy Policy, and business customers who need one can request our Data Processing Agreement.
Formal certifications (e.g. SOC 2) are on our roadmap; we will publish them here only once independently verified. Report a vulnerability: security@zenvora.com.