Skip to content

Privacy

What we keep, and why.

Last updated July 13, 2026

Sevra handles the account, submitted action, decision, and case-file data needed to operate the control layer. This policy describes that data, the optional diagnosis path, and the current limits of export, retention, and deletion.

01

What Sevra is for

Sevra evaluates actions your integration submits before execution and records the resulting decision. It is not intended to be a general system of record for your application or customer data.

02

What we collect

Account details you provide: your name, email, and organization. The actions agents propose, their targets, and the verdicts and reasoning Sevra produces. Case-file artifacts for escalations, including diagnosis or reproduction records when those stages run. The policies and scopes you configure.

Standard operational logs and Vercel Analytics data from the website and console. The current application mounts analytics by default rather than exposing a per-workspace enable switch.

03

Data boundaries

Sevra does not hold funds or maintain a full copy of your application or customer database. Provider credentials entered through supported configuration are encrypted at rest and masked in the console.

Do not submit secrets in action, incident, or case-file text. When diagnosis is enabled, selected case and repository context is sent through the configured AI gateway; this repository does not establish a blanket third-party model training or retention promise.

04

How we use it

The current product uses account and submitted action data to evaluate routed actions, attempt case-file creation for held actions, notify configured recipients, retain request-level decision evidence, and operate, secure, and improve the service.

05

Sub-processors

We rely on infrastructure and communication providers to run Sevra: hosting and compute, a managed database, analytics, transactional email, payment processing, and, when diagnosis is enabled, an AI gateway and model provider.

06

Security

Provider credentials saved through supported configuration are AES-256-GCM encrypted. Runtime access remains bounded by the external credentials and scopes an operator supplies. The full posture is on the Security page.

07

Retention

A customer-configurable retention schedule and complete self-service deletion flow are not shipped today. Decision, case-file, and operational records remain in the service unless handled through an authorized operational process. You can contact us to ask what options currently exist for a particular record type.

08

Your rights

You can email us to ask about access, correction, export, or deletion. Available actions depend on current tooling, record type, and audit-integrity constraints; the product does not currently provide a complete self-service privacy export or deletion flow.

09

Contact

Questions about privacy: privacy@sevra.dev.