Security & Privacy

Your Data Privacy isOur Top Priority

Veritas ESG is built with a zero data retention architecture. Your report content is never stored.

Core Principle

Zero Customer Content Storage

We do not persist any customer report content

What We Do NOT Store
Customer ESG inputs
Uploaded documents or evidence
Generated report content
AI prompts containing customer data
Report drafts or versions
Edited content or history
What We DO Store (Minimal Metadata Only)
User ID and authentication data
Timestamp of generation
Report type selected
Credits spent
Processing time
Success/failure status

Strictly no text content, no numbers entered by users, no files, no extracted snippets.

How Your Data Flows

Customer content exists only transiently during processing

1

Input

Data enters your browser and is sent encrypted to our servers

2

Process

Data exists only in transient server memory during generation

3

Purge

All buffers and transient data are immediately purged after export

AI Policy

No Model Training on Your Data

Your data is never used to train or fine-tune AI models. Complete confidentiality is guaranteed.

  • No fine-tuning on customer data
  • No storage of prompts/responses for training
  • No logging of request bodies or generated text
  • Logs contain only safe telemetry (status codes, latency)

Redacted Logs

Only metadata, no content

Stateless Processing

No persistent storage

Immediate Purge

Data deleted after generation

Security Best Practices

Built with industry-standard security measures

TLS Encryption

All data in transit is encrypted using industry-standard TLS protocols. Your information is protected from interception.

Strong Authentication

Secure OAuth-based authentication with session management. Password policies enforce minimum 12 characters with complexity requirements.

Role-Based Access Control

Fine-grained permissions with SuperAdmin, Admin, and User roles. Least-privilege access ensures users only see what they need.

Audit Logging

Comprehensive audit trail for admin actions and credit transactions. Metadata-only logging ensures accountability without storing content.

Privacy-Focused Architecture

Our zero-retention design minimizes data exposure and supports your organization's privacy requirements

Data Minimization
Zero Content Storage
Transient Processing
Metadata-Only Logs

Questions About Security?

Contact us for detailed security documentation or privacy inquiries

Sign InRead Documentation