Trust & Infrastructure
How We Protect Your Data
Valentino AI runs on Supabase (Postgres) and Vercel. Here is exactly how we protect your data — no buzzwords, just facts.
Encryption at Rest
All data stored in Supabase Postgres is encrypted with AES-256 at the disk layer, managed by AWS. Object storage (uploads, generated images) is encrypted the same way.
Encryption in Transit
All connections use TLS 1.3. Traffic between your browser and our servers, and between our servers and third-party APIs (Gemini, OpenRouter, Perplexity, Apify), is encrypted.
Data Isolation
Postgres Row-Level Security policies enforce per-user data isolation. Every row carries an owner; users can only read and write rows they own. Service-role access is restricted to server-side code paths.
Zero Data Training
We never use your business data, generated reports, or uploaded images to train AI models. Your proprietary information stays yours.
Server-Side Secrets
API keys for Gemini, OpenRouter, Apify, Apollo, and other services are stored server-side only. They are never exposed to the client browser.
Authentication
Supabase Auth handles user auth with email + password (with email verification), Google OAuth, and password reset flows. Passwords are bcrypt-hashed; we never store plaintext.
Infrastructure Providers
Our security posture is built on the compliance certifications of our infrastructure providers:
Supabase (Postgres + Auth + Storage)
SOC 2 Type II, HIPAA-eligible · runs on AWS (SOC 1/2/3, ISO 27001, FedRAMP)
Vercel
SOC 2 Type II, ISO 27001, GDPR
Cloudflare (DNS/CDN)
SOC 2 Type II, ISO 27001, PCI DSS
Compliance & Privacy Posture
Where we stand today. We list status honestly — certifications-in-progress are flagged, not implied.
SOC 2 Type II
We inherit SOC 2 from Google Cloud and Vercel today. A direct Valentino AI audit is on the roadmap; reach out if you need our security questionnaire for procurement.
GDPR & CCPA
Users in the EU and California can request data export or deletion from privacy@valentinoai.com. We do not sell personal data, and we honor opt-outs from training (see “Zero Data Training” above).
Data Processing Agreement
DPA available on request for business customers. Email hello@valentinoai.com.
HIPAA
Not currently in scope. Don’t upload PHI to Valentino AI today.
Last reviewed: May 2026
Reporting Security Issues
If you discover a security vulnerability, please report it responsibly to security@valentinoai.com (or hello@valentinoai.com). We take all reports seriously and will respond within 48 hours.