Trust & Security

You share deeply personal goals with Histriva. Here is exactly how we protect them.

Encryption

  • Every AI conversation is encrypted with a unique AES-256-GCM key before storage — the database only ever sees ciphertext
  • Envelope encryption pattern: each conversation gets its own key, wrapped by a master key
  • Passwords are hashed with bcrypt (cost factor 12) — we never store plaintext passwords
  • All data is encrypted in transit via HTTPS/TLS

GDPR & CCPA compliance

  • Right to erasure (GDPR Article 17) — delete your account and all data is cascade-removed, including encrypted conversations
  • Data portability (GDPR Article 20) — export all your data as JSON anytime from Settings
  • We honor CCPA deletion requests — contact privacy@histriva.com
  • Analytics are opt-in only — no tracking until you explicitly consent
  • No dark patterns in consent flows — two clear options, no pre-checked boxes

Access control

  • Row-Level Security (RLS) on every database table — queries are scoped to your user ID at the database layer
  • API-layer authentication via signed JWT sessions on every request
  • Server-side only database access — the database key never reaches your browser
  • Admin operations are isolated and justified in code — user-facing routes use user-scoped clients

AI data handling

  • Anthropic (our AI provider) does not store or train on API data — per their published commercial terms
  • Only sanitized coaching context reaches the AI model — not your full conversation history
  • Crisis signals are handled locally — the AI is never contacted for safety-critical detection
  • AI output is filtered through a two-pass safety system before reaching you

Your data controls

  • Export all your data as JSON — goals, habits, conversations, scores, everything — from Settings at any time
  • Delete your account and every piece of data is permanently removed via cascade delete
  • Analytics consent toggle in Settings — revoke consent anytime and PostHog stops tracking immediately
  • You own your data. We don't sell it, share it for advertising, or use it to train AI models

Vendor commitments

  • Anthropic: does not store or train on API data
  • Supabase: SOC 2 Type II certified, data encrypted at rest and in transit
  • Sentry: coaching content scrubbed before error reports are sent — no conversation data in error logs
  • PostHog: PII stripped from all analytics events — only anonymous user IDs and domain-level metrics. Session replays mask every text node and input value at the recorder, so we capture interaction shape (clicks, scrolls, navigation) but never readable content

Automated safety classification

  • Every message you send to the AI coach is run through a two-step safety classifier (regex patterns, then AI-confirmed). The classifier looks for crisis signals like suicidal ideation, self-harm, abuse, eating disorder, substance crisis, or acute distress.
  • When a signal is detected at Tier 0 (imminent crisis) or Tier 1 (elevated risk), we log a SafetyEvent row containing only: tier, category, optional domain, and timestamp. We do NOT store the message text in the safety event itself — the row is metadata, not content.
  • Tier 0 (imminent crisis) and Tier 1 (elevated risk) trigger a crisis-response message with relevant hotlines and resources before the AI continues. Tier 2 (supportive) softens the coaching tone for the rest of the conversation. Tier 3 (no signal) does nothing.
  • Safety event categories are limited to a fixed set: SUICIDAL_IDEATION, SELF_HARM, HARM_TO_OTHERS, ABUSE_VICTIM, FINANCIAL_DESPERATION, EATING_DISORDER, SUBSTANCE_CRISIS, ACUTE_DISTRESS, MILD_DISTRESS. There are no free-text or hidden categories.
  • The classification is for routing only — it does not affect your ability to use the service, does not lock or suspend your account, and is not shared with sub-processors. The only downstream effect is the crisis-response message and a soft tone shift for that conversation.
  • You can request a copy of your safety event history at any time via the Settings → Export My Data flow (GDPR Article 20). The export includes the same tier / category / domain / timestamp values described above.
  • If you believe a safety event was incorrectly logged or want a human to review the classification, email privacy@histriva.com. Per GDPR Article 22, you have the right to request human review of automated decisions and to contest the outcome.

Infrastructure

  • Application hosted on Netlify with automatic HTTPS and DDoS protection
  • Database hosted on Supabase (AWS) with automatic backups and point-in-time recovery
  • Rate limiting on all API endpoints to prevent abuse
  • CSRF protection via origin header verification on all mutations
  • Content Security Policy headers to prevent XSS attacks

Security concerns?

If you discover a vulnerability or have a security question, contact us at security@histriva.com.