Security Policy

1. Infrastructure and Hosting

• Nativ’s backend services are hosted on Google Cloud Platform (GCP), which complies with leading security standards including ISO 27001, SOC 2/3, and GDPR.

• All API traffic is encrypted over HTTPS.

2. Access Control

• Internal systems use role-based access control (RBAC).

• Access is limited to authorized personnel, protected with two-factor authentication.

• Access logs are maintained and reviewed periodically.

3. Content Handling

• Nativ does not retain customer content after processing unless otherwise agreed in writing.

• Processing workflows are stateless by default.

• All processing begins only when initiated by the user.

4. External Services

• Only explicitly approved third-party services are used:

  • OpenAI for language processing

  • Supabase for analytics storage

  • GCP for infrastructure

• All vendors are vetted and compliant with relevant security and privacy standards.

5. Incident Response

• Nativ maintains an incident response plan to address potential breaches or threats.

• In the event of a data breach, affected customers will be notified within 72 hours.

• Audit logs and diagnostics will be made available under NDA if requested.

6. Contact

Security Officer
Nativ Technologies, Inc.
1111B S Governors Ave, #23499
Dover, DE 19904
Email: founders@usenativ.com