Security & Trust

Designed so you never have to trust us blindly

Finance teams process tens of millions of dollars through Solvce. These are the architectural decisions that make that possible without asking you to simply take our word for it.

Verified commitment

Your data is never used to train any AI model — not ours, not anyone's.

Every invoice, purchase order, vendor name, GL code, and price tolerance you enter exists solely to process your work. It is not shared with AI providers, not contributed to training datasets, not used to benchmark model performance, and not visible to other customers in any form. The AI that reads your invoices learns your patterns and serves only your account.

How it works

Six principles, built in from day one

🚫

Your data never trains any AI model

Every document you process — invoices, purchase orders, delivery receipts — is used exclusively to serve your account. It does not contribute to any shared model, any training dataset, or any benchmarking exercise. This applies to every AI component in the system, without exception.

🏗️

Your own isolated environment — enforced at the database layer

Every tenant's data is isolated at the database engine level using PostgreSQL Row-Level Security. The isolation is enforced by the database itself, not the application — so even a bug or misconfiguration in the app code cannot expose your data to another account. It is not a schema prefix or a row filter you can accidentally misconfigure.

🔐

Documents are processed in-cloud — never sent outside

When you upload an invoice or delivery receipt, AI extraction happens inside an isolated cloud environment. The document does not leave that environment to reach a third-party AI API. No vendor, no subprocessor, and no AI service outside of your environment ever receives your document content.

🔑

ERP credentials stored in a dedicated vault

Connection credentials for your accounting system are stored in a secrets vault — separate from the application layer. They are never written to logs, never visible in configuration files, and never accessible to Solvce staff in plain text. Access is scoped, audited, and revocable.

🪪

Access enforced at the database level, not just the application

Row-level security policies on every table mean that even if application code had a logic error, the database would reject any query that crossed account boundaries. There is no single point of failure in our access control — it is enforced at multiple independent layers.

📋

Every action is permanently logged

Every field extraction, every override, every approval, every login, and every API call generates an immutable audit record. The log cannot be edited or deleted — not by your team, and not by ours. It is available in full for export at any time for compliance or audit purposes.

Architecture

What the security looks like under the hood

Plain descriptions. No marketing language.

Authentication

Identity managed by an enterprise-grade auth provider — no passwords stored in application code

Every session carries a cryptographically signed token verified on each request

Multi-factor authentication available on all plans

Session tokens expire; refresh is rate-limited and anomaly-detected

Data isolation

Your own isolated environment — enforced at the database layer, not the app

Row-level security policies enforced at the database engine, not the application

No cross-tenant queries are architecturally possible

Tenant identifier is bound to your identity provider organisation ID — cannot be spoofed at the application layer

Document handling

Documents uploaded to a private, isolated storage bucket — not publicly addressable

AI extraction executes inside a contained cloud environment — no external API calls

Documents are not stored indefinitely — retention periods are configurable

Document content never appears in logs or error traces

ERP & integrations

All ERP connections use OAuth 2.0 — no passwords stored

Credentials written to a dedicated secrets vault, not the application database

Token refresh is automated; revocation propagates immediately

Integration scope is read + write on AP-specific objects only — not full ERP access

Network & infrastructure

All traffic encrypted in transit via TLS 1.2 minimum

Data encrypted at rest using platform-managed keys

API endpoints rate-limited and protected against common attack patterns

Infrastructure deployed in a single-tenant Cloud Run environment — no shared compute

Audit & compliance

Immutable audit log for every user action, AI decision, and system event

Audit log exportable as CSV at any time — no support ticket required

Approval chains and override records meet SOX documentation requirements

Data residency available in Australia, US, and EU regions

Common questions

Straight answers. No legal hedging.

Can Solvce employees see my invoices?

No. Support access to production data requires explicit customer consent, a time-limited session, and generates an audit record. Routine support does not involve access to document content.

Does Solvce use my data to improve its AI?

Never. Your data — documents, extracted fields, overrides, vendor names, amounts — is used solely to process and match your invoices. It does not feed any shared model, training dataset, or product analytics pipeline.

What happens to my data if I cancel?

Your data remains accessible for 30 days post-cancellation for export. After that, it is permanently deleted from all systems including backups, within 90 days. We will confirm deletion in writing on request.

Is my database shared with other customers?

No. Each customer has their own isolated environment — enforced at the database layer, not the app. PostgreSQL Row-Level Security ensures your data cannot be read or written by another tenant's session, even if application code has a bug. Other customers cannot access your data even in a hypothetical breach scenario.

Where is data stored?

By default, in Australia (Sydney region). Enterprise customers can select US (Virginia) or EU (Frankfurt) residency. Data does not leave your selected region except for AI extraction, which runs inside the same cloud provider's network.

Do you have a Data Processing Agreement (DPA)?

Yes. A standard DPA is available for all customers. Enterprise customers can request a custom DPA. Contact hello@solvce.com.

Have a specific security requirement?

Enterprise customers can request a custom DPA, SOC 2 summary, or a security questionnaire review.

Contact security team View plans