Security · Praivon

Built like a vault.
Run like a bank.

Your biometric fingerprint is the most sensitive data we'll ever hold. We treat it that way — with infrastructure, encryption, and policies that go beyond what regulators require.

Six pillars of protection

How we protect what you've trusted us with.

PILLAR 01

EU-only data residency

Every byte of your data — biometric fingerprints, account information, scan results — is stored exclusively in EU-based data centers. No transfer to US servers. No CLOUD Act exposure. No exceptions.

Powered by Vercel EU regions and Stripe Ireland. Specific regions: Frankfurt (eu-central-1) primary, Dublin (eu-west-1) failover.

PILLAR 02

AES-256 encryption everywhere

The same encryption standard used by banks and intelligence agencies. Applied at rest in our databases. Applied in transit via TLS 1.3. Applied to backups. Applied to logs.

Keys are managed via hardware security modules (HSM). Rotation every 90 days. Compromise of one layer doesn't expose the others.

PILLAR 03

Biometrics as fingerprints, never raw

We never store your actual photo or audio. The moment you upload, it's converted into an encrypted mathematical fingerprint and the original is destroyed. Even if our database leaked, it would contain only mathematical hashes — useless for reconstruction.

Conversion uses one-way embedding models running on isolated EU compute. The original file lives in memory for under 60 seconds.

PILLAR 04

One-click deletion, permanent

Your dashboard has a Delete button. Press it, and your biometric data is purged within minutes from active databases. Within 7 days from all backups. No 'soft delete' — gone is gone.

Confirmation by email + dashboard. Auditable proof of deletion provided on request.

PILLAR 05

Strict access control, audited

Only a minimal team has database access, and only with role-based permissions. Every access is logged. Logs are retained for 2 years. Independent auditors review them annually.

Two-factor authentication mandatory. Hardware security keys for production access. No remote access from non-EU IP addresses.

PILLAR 06

Independent security review

We don't grade our own homework. An independent EU security firm conducts annual penetration testing and code review. Findings are addressed within strict SLAs and summary reports are available to enterprise clients.

Currently in process: ISO 27001 certification (estimated Q4 2026), SOC 2 Type II preparation.

Six commitments

Things we will never do.

These are not marketing claims. These are binding policies that our auditors verify.

  • 01

    We will never sell, rent, or share your data with advertisers.

  • 02

    We will never use your biometric data to train AI models.

  • 03

    We will never transfer your data outside the EU/EEA without your explicit per-case consent.

  • 04

    We will notify you within 72 hours of any data breach affecting your account.

  • 05

    We will provide independent audit summaries to clients on request.

  • 06

    We will not introduce ads, trackers, or third-party analytics that compromise your privacy.

Responsible disclosure

Found a vulnerability?

We work with security researchers to keep Praivon safe. Report issues privately and we'll respond within 48 hours, fix the issue, and credit you publicly if you wish.

PGP key available on request · Bug bounty program in preparation

Take it back

Reclaim what's yours.

Most takedowns start within 24 hours of signup. The sooner you seal it, the less of you they have.