Security Overview
Data security is our priority at Trova. We aim to be transparent and open about how we handle data security in order to build mutual trust with our users. If you have additional security questions, we are happy to answer them at info@gotrova.ai.
Trova implements comprehensive security measures designed for enterprise environments. Our security architecture follows industry best practices and regulatory requirements to ensure your data remains protected at every layer.
Security Highlights
- Military-grade AES 256 encryption protects all data at rest and in transit.
- 24/7 security monitoring with external audits ensures continuous protection.
- Zero-password storage with OAuth-only authentication.
- User-controlled data with instant deletion capabilities.
- SOC2 certification in progress with GDPR and CCPA compliance.
Minimal Personal Information Stored
Trova follows strict data minimization principles to reduce security exposure and protect your privacy.
What We Don't Store
Zero Password Storage
Trova does not store your passwords from any connected accounts. All logins to connected accounts are performed using OAuth verification for maximum security.
- No Raw Messages: Trova does not store your actual messages or files
- No Authentication Credentials: All account access uses secure OAuth tokens
- No Unnecessary Metadata: We only retain essential indexing information
Our Indexing Process
With your permission, Trova's search engine creates a rich, encrypted index of your content. This process ensures fast search results while maintaining security:
- Encrypted Processing: Content is encrypted during indexing
- Immediate Deletion: Original content is deleted after processing
- Secure Indexing: Only encrypted search indexes are retained
- Regular Updates: Periodic checks keep indexes current without storing new content
Military-Grade Data Encryption
All user information is protected with military-grade security standards that exceed industry requirements.
Encryption Standards
AES 256 Encryption
All data is protected using Advanced Encryption Standard (AES) 256-bit encryption - the same standard used by military and government agencies worldwide.
Comprehensive Protection
- Data at Rest and in Transit: All data — whether stored or transmitted — is encrypted using AES-256 encryption.
- Database Encryption: Full database encryption with key management
- Backup Security: Encrypted backups with secure key storage
Users Are In Complete Control
We believe you should have full control over your data at all times. Trova provides comprehensive user control options with immediate effect.
Data Control Options
- Account Disconnection: Disconnect any connected account instantly
- Complete Account Deletion: Delete your Trova account and all associated data
- Selective Data Removal: Remove specific data types or sources
- Easy Reconnection: Reconnect accounts or re-sign up at any time
Data Protection Guarantee
No third parties can access your data. Trova never sells and never will sell users' data. When you delete data, it is permanently removed from our servers.
Privacy Compliance
GDPR Compliance
Full compliance with the European General Data Protection Regulation, including the rights to access, rectification, erasure, and data portability.
CCPA Compliance
California Consumer Privacy Act compliance with consumer rights for data transparency, deletion, and opt-out options.
24/7 Monitoring & External Security Audits
Trova maintains continuous security monitoring with regular third-party audits to ensure the highest protection standards.
Continuous Monitoring
- 24/7/365 Security Operations: Round-the-clock monitoring for threats and anomalies
- Automated Response: Immediate response protocols for security incidents
- Vulnerability Scanning: Regular automated scans for new security vulnerabilities
External Audits
- Independent Security Audits: Regular assessments by respected external security firms
- Compliance Audits: Third-party verification of regulatory compliance
- Continuous Improvement: Regular updates based on audit findings
Security Response
Our security team responds to threats within minutes, not hours. All security incidents are logged, analyzed, and addressed with immediate corrective action and system improvements.
Employee Access & Confidentiality
We maintain strict controls over employee access to user data with comprehensive confidentiality measures.
Access Control Principles
- Principle of Least Privilege: Employees only have access to data necessary for their specific job functions
- Need-to-Know Basis: Data access is limited to essential troubleshooting and support scenarios
- Authorized Access Only: All data access requires explicit authorization and is logged
- Prohibited Personal Use: Employees are strictly prohibited from viewing user data for any personal purposes
When Access May Be Required
There are limited circumstances where employee access to systems may be necessary:
- Diagnosing technical problems you report
- Troubleshooting service issues
- Security incident response
- Compliance with legal requirements
Training & Compliance
- Regular Training: All employees and contractors receive privacy and security training
- Confidentiality Agreements: Strict contractual confidentiality obligations for all team members
- Access Auditing: All data access is logged and regularly audited
- Background Checks: Comprehensive screening for all employees with data access
Compliance Standards & Certifications
Trova maintains compliance with major security and privacy regulations to ensure enterprise-grade protection.
Current Compliance
- GDPR: European General Data Protection Regulation
- CCPA: California Consumer Privacy Act
- Privacy Shield: EU-US and Swiss-US frameworks
Certifications In Progress
SOC2 Type II
Currently undergoing SOC2 Type II certification - the gold standard for enterprise security controls covering security, availability, processing integrity, confidentiality, and privacy.
Regulatory Framework
Our compliance program addresses key regulatory requirements:
- Data Protection: Comprehensive privacy controls and user rights
- Security Controls: Technical and organizational security measures
- Incident Response: Structured breach notification and response procedures
- Audit Trails: Complete logging and monitoring for compliance verification