Novek was built with security and privacy in mind from day one.
Security is not a feature, it's a foundation. We focus on encryption, access controls, and how we respond when something goes wrong.
Novek is built on Google Cloud Platform (GCP) and leverages its managed infrastructure for compute, storage, networking, and security controls.
We follow modern security principles including zero trust, strong authentication, least privilege, and security built into design and operations. We use encryption at rest (GCP-managed) and in transit (TLS), role-based access control (RBAC) and identity and access management (IAM), network isolation, and audit logging.
Data sent to third-party AI providers for processing is transmitted over encrypted channels. Novek is configured to use Zero Data Retention (ZDR) endpoints for AI processing; for how we handle AI and data, see our Privacy Policy.
Customer data is encrypted at rest with FIPS 140-2 validated crypto modules where applicable. Data in transit over public networks is transmitted using TLS 1.2+.
Data stored in GCP is encrypted at rest using GCP-managed encryption (AES-256). All data in transit is encrypted using TLS 1.2+. Access to data is controlled via IAM and role-based access and is audited.
We have processes in place to detect, assess, and respond to security incidents. Affected customers are notified in accordance with applicable law and our contractual commitments. For details on how we handle your data and your rights, see our Privacy Policy.
SSO is available for enterprise plans. All access to customer data requires authenticated sessions, with role-based access control (RBAC) enforced.
Control what data NovekAI stores and indexes. Prevent select data from surfacing results for certain system terms.
NovekAI only shows you the information you already have permission to access. If a team permission changes, it reflects those changes immediately.
Privacy mode is enabled by default during onboarding. When Privacy Mode is enabled, we minimize retention and avoid storing sensitive document content in plaintext where feasible. Some metadata may still be stored for security and reliability.
Where applicable, your data can be deployed in your own tenant or VPC with isolation from other customers.
All data is encrypted at rest using AES-256. All data is encrypted in transit using TLS 1.2+. Controls are in place to audit all access.
