Gerendo
← Back

Trust

Security & Privacy

Your data stays yours. Always.

Encrypted at rest with a key only Gerendo holds

Email body content, AI-generated summaries, extracted facts, and OAuth tokens are encrypted with AES-256-GCM before they reach Postgres. The master key lives in our application environment (Vercel), separate from Supabase. A leaked database snapshot, a Supabase staff member, or a compromised service-role token sees only ciphertext.

The three layers, in plain English

The honest answer to "can anyone read my messages?" is layered.

  • At rest in Supabase. Encrypted with AES-256-GCM. Key held by Gerendo, not Supabase.
  • In transit. TLS 1.3 everywhere, between you, our app, the database, and our LLM provider.
  • During Claude inference. Relevant snippets are decrypted in our application server and sent over TLS to Anthropic Claude. Per Anthropic's standard commercial terms, prompts may be retained up to 30 days for abuse monitoring. Anthropic does not train models on your data.

Technical specifics

  • Encryption. AES-256-GCM with a 12-byte nonce, GCM authentication tag, and AAD bound to (table, column, row identity).
  • Key storage. Vercel environment variable, never persisted to disk, rotatable.
  • Database. Supabase Postgres with Row Level Security for tenant isolation.
  • Transport. TLS 1.3 throughout.
  • LLM provider. Anthropic Claude (Haiku 4.5 and Sonnet 4.6).
  • Data retention at the LLM. Anthropic standard terms, up to 30 days for abuse monitoring, no training on your data.
  • Compliance. SOC 2 path planned for a later phase. We do not claim certification today.

RLS for tenant isolation, encryption for operator isolation

Postgres Row Level Security stops one tenant from reading another tenant's rows. That is necessary but not sufficient. RLS does not stop a database operator with a service-role key, a Supabase staff member, or a leaked snapshot. Application-layer encryption does, because the key is not in Supabase. We use both, and we keep the line between them clear.

Never used to train AI

Your data is not anyone's training set. We route through Anthropic's standard commercial API, which does not train on customer data. We do not train our own models on your data.

Permission-aware

Gerendo respects the access controls in your source tools. If a teammate cannot see a Drive file, Gerendo will not show them an answer based on it.

You own the off switch

Disconnect any source in one click. Export everything. Delete it all, permanently, whenever you want.

What we deliberately do not claim

  • Not "zero-knowledge". We hold the encryption key.
  • Not "end-to-end encrypted". That term means only sender and recipient hold keys, which does not apply to a RAG product.
  • Not "even our engineers cannot read your messages" without the operator-level qualifier. During a chat query, snippets are decrypted briefly in process memory on our app server. We claim operator-level isolation (the database operator cannot read your content), not absolute isolation.