SOV AI

Security

Upload SOV

Security & Data Practices

SOV AI, by SOVAI Technology LLC, helps commercial P&C brokers upload, verify, and export Schedule of Values data. Here is exactly how we handle and protect that data — no more, no less.

Our commitment to you

Your data belongs to you. SOV AI will never sell your data, and will never use it to train AI models. The information you and your clients entrust to us is yours alone — protecting it is our duty and our commitment to you.

No training on your data

  • The AI providers we use (Anthropic and Google) process your documents under their commercial API terms.
  • Under those terms, your content is not used to train their models.
  • Your SOVs, property data, and submissions stay your data. We use them only to provide the service to you.

Encryption

  • All traffic between your browser and SOV AI is encrypted in transit with TLS (HTTPS).
  • Data is encrypted at rest in our database and file storage (Supabase's default at-rest encryption).
  • Uploaded files live in private storage buckets. They are never publicly accessible — files are served only through short-lived signed URLs, issued after we verify the requesting user owns the file.

Tenant isolation

  • Every organization's data is isolated through per-organization access controls enforced in our application layer.
  • Every query is scoped to the requesting user's team — users can only see and act on their own organization's SOVs, files, and submissions.

Your data, your control

  • Export: You can request an export of your data at any time by contacting admin@sovaitech.com.
  • Deletion: You can request account and data deletion at any time. We purge your data within 30 days of the request.

Compliance

  • Built on SOC 2-certified infrastructure. Our hosting, database, payment, and AI providers — Render, Supabase, Stripe, Google, and Anthropic — each maintain SOC 2 Type II compliance.
  • Our own SOC 2 is on our roadmap. SOV AI is not itself SOC 2 certified yet; we have not engaged an auditor, and we won't claim a certification we don't hold — when we begin a formal audit, we'll say so here.
  • This page describes the concrete practices we follow today, and we're happy to answer security questionnaires directly at admin@sovaitech.com.

Subprocessors

We use a small set of vendors to run SOV AI. Each processes customer data only for the purpose listed:

  • Anthropic (Claude) — AI extraction of data from uploaded SOV documents.
  • Google (Gemini API & Google Maps) — public-record verification of property data and address geocoding.
  • Supabase — Postgres database and file storage.
  • Stripe — payment processing.
  • Render — application hosting.
  • Resend — transactional email (e.g., account and notification emails).

Policies

Questions about any of this? Email us at admin@sovaitech.com.

© 2026 SOVAI Technology LLCHome