Built to handle the work you wouldn't hand anyone else.
Elvin is built from the ground up to securely handle sensitive business data, integration credentials, and service connections.
Our team's security expertise
Before Elvin, our engineering team built platforms at Google Play, Slack, and SmartThings. We have deep experience building and operating products that handle mission-critical business data at scale.
CASA Tier 2 certified
Elvin has been reviewed by third-party security auditors to ensure we comply with strict security requirements. We undergo an annual security audit to maintain this certification. Learn more about CASA (Cloud Application Security Assessment).
How Elvin protects your data
Secure infrastructure
We employ a defense-in-depth philosophy where every system is protected by multiple layers of security. Data is encrypted at rest using AES-256 and encrypted in transit using TLS 1.2+. All data is stored in highly secure and compliant cloud data centers.
Isolated execution environments
Every Elvin agent runs in its own isolated environment. Your data and credentials are never accessible to other users.
Your data stays yours
- Your data is only accessed by the Elvin team with your permission, which you can revoke at any time from settings.
- Customer data is only provided to sub-processors as necessary to deliver our service.
- Your data is never used to train third-party AI models.
- We never sell your data.
Credential security
API keys and credentials you share with Elvin are stored in an encrypted credential vault with strict access controls.
Internal access controls
Access to customer data by Elvin team members is tightly controlled. No customer data is ever accessed by an employee without explicit customer permission.
Sub-processors
We keep both the sub-processors we use and the data we send to them to an absolute minimum. Currently we use:
| Sub-processor | Purpose |
|---|---|
| Anthropic | AI model provider |
| OpenAI | AI model provider |
| Google Cloud Platform | AI services |
| Amazon Web Services | Infrastructure |
Compliance
| Standard | Status |
|---|---|
| CASA Tier 2 | Certified |
| SOC 2 Type II | In progress |
If your organization has specific compliance requirements, please contact us at info@tryelvin.com.
Vulnerability disclosure
At Elvin, we believe that great products require stellar security. Working with security researchers is essential in keeping our software secure. If you have found a vulnerability in our software, we encourage you to report it to us so we can work with you to resolve the issue.
Disclosure policy
- Bugs should be reported to security@tryelvin.com.
- We ask you make a good faith effort to avoid privacy violations, degradation of service, or loss of data.
- Only use accounts you own or for which you have explicit permission from the owner.
- We ask you do not disclose the vulnerability to third parties or the public until we have had a reasonable time to fix it.
- We will make a reasonable effort to fix the vulnerability as soon as you have notified us.
Exclusions: Denial-of-service attacks, spamming, social engineering of Elvin employees, clients, or users, and exploits that involve any physical form of attack or damage.
We consider security research and activity performed in accordance with this policy as authorized.
Deleting your account and data
If you wish to permanently delete your account and all associated data, you can do so at any time through account settings. This action cannot be undone.
Privacy Policy and Terms of Service
For additional information about our privacy practices and terms of use, see our Privacy Policy and Terms of Service.