Security & trust

Candor depends on confidentiality.

People only tell the truth when they trust it will be protected. Confidentiality isn’t a setting in Verings; it’s wired into the architecture.

01

Confidentiality & anonymity

  • Individual responses are never shown to the manager: by design, not by policy.
  • A minimum-N gate suppresses or merges any segment cut too small to protect a person.
  • Roster identity (name, email) is used only to deliver invites, never joined to response content in any manager-facing view.
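
A sketch of the minimum-N gate described above, added here as an illustration; it is not Verings' own code, and the threshold of 5, the "Other" label and the (segment, score) input shape are assumptions. It also covers the subtraction case: when the merged bucket is itself too small, it absorbs the smallest visible segment so a hidden group cannot be recovered from the totals.

```python
from collections import defaultdict

MIN_N = 5              # assumed threshold; the page does not state the product's value
MERGED_LABEL = "Other"  # assumed label for the merged bucket


def gated_readout(responses, min_n=MIN_N):
    """Aggregate (segment, score) pairs into {segment: (n, mean)} behind a min-N gate.

    Segments with fewer than min_n responses are never reported on their own:
    they are merged into one bucket, and the whole cut is suppressed when even
    the total is below min_n.
    """
    groups = defaultdict(list)
    for segment, score in responses:
        groups[segment].append(score)

    # Suppress: the entire cut is too small to protect anyone.
    if sum(len(v) for v in groups.values()) < min_n:
        return {}

    shown = {s: list(v) for s, v in groups.items() if len(v) >= min_n}
    merged = [x for v in groups.values() if len(v) < min_n for x in v]

    # Merge: if the merged bucket is still below min_n, showing it (or showing
    # the total next to the large segments) would expose it by subtraction, so
    # fold in the smallest visible segment until the bucket clears the gate.
    while 0 < len(merged) < min_n and shown:
        smallest = min(shown, key=lambda s: (len(shown[s]), s))
        merged += shown.pop(smallest)

    if merged:
        shown[MERGED_LABEL] = merged
    return {s: (len(v), round(sum(v) / len(v), 2)) for s, v in shown.items()}


# Constructed sample data: two large teams and two teams below the gate.
SAMPLE = [("Eng", 4)] * 8 + [("Sales", 3)] * 6 + [("Legal", 1)] * 2 + [("Finance", 2)]

if __name__ == "__main__":
    for segment, (n, mean) in sorted(gated_readout(SAMPLE).items()):
        print(f"{segment}: n={n}, mean={mean}")
```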

02

Data residency & GDPR

  • All data stores and sub-processors run in the EU region.
  • Built GDPR-first: lawful basis, data minimisation, and respondent rights are first-class.
  • Respondent input is treated as sensitive personal data and handled accordingly.

03

AI providers

  • We use providers under zero-retention, no-training terms, so your organisation’s data is not retained or used to train models.
  • Prompts that reach the synthesis step carry no manager identity, keeping the analysis evidence-bound.
  • AI usage is metered per engagement for cost transparency.

04

Authentication & access

  • Passwordless sign-in via single-use magic links, so there are no passwords to phish or leak.
  • Every session is verified against the auth server, not trusted from a cookie alone.
  • Respondents have no account; they enter through a unique, single-use, device-bound link.

05

Data isolation

  • Row-level security enforces that a manager can only ever reach their own engagements.
  • Raw response data is default-deny: it is accessible only to the trusted server engines, never to the manager directly.
  • Managers see only the guarded readout and intervention plan.

06

Infrastructure

  • Data encrypted in transit (TLS) and at rest by our EU-region managed Postgres provider.
  • Email delivery runs through an EU-region provider on an authenticated sending domain.
  • No real personal or client data is used in development, testing, or fixtures. Synthetic only.

Sub-processors

Who we rely on, and where they run.

Supabase   | Managed Postgres, auth, storage | EU
Anthropic  | AI models (zero-retention)      | ZDR
Resend     | Transactional email             | EU

Responsible disclosure

Found something? Tell us.

If you believe you’ve discovered a security issue, please email security@verings.com. We’ll acknowledge your report and keep you updated as we investigate. Please give us a reasonable window to remediate before any public disclosure.