Security at Valiro
Last updated: November 2025
We take the security of your data seriously. Learn about the measures we implement to keep your projects and information safe.
Our Security Practices
Data Encryption
All data transmitted to and from Valiro is encrypted using TLS 1.3, the latest and most secure version of the Transport Layer Security protocol. Data stored in our systems is encrypted at rest using AES-256, an industry-standard encryption method used by financial institutions and government agencies.
Authentication & Access Control
User authentication is handled by Clerk, a leading authentication provider. We support:
- Secure password policies with complexity requirements
- Multi-factor authentication (MFA) for additional security
- Session management with automatic timeout
- Role-based access control (RBAC) to limit data access
Our role-based system ensures that staff users have access to project management features, while frontline employees only see the projects and tasks they are assigned to.
Infrastructure Security
Valiro is built on a modern, secure infrastructure:
- Cloudflare: Provides DDoS protection, Web Application Firewall (WAF), and SSL/TLS termination for our static assets and web application.
- Convex: Our backend database and serverless functions run on Convex’s secure, managed infrastructure with built-in data isolation.
AI Data Handling
Our AI features are powered by Google Gemini with EU data residency. This means:
- AI queries are processed within the European Union
- Your document content used for AI context remains in EU infrastructure
- AI interactions are not used to train external models
- You control which documents are accessible to AI features through context scoping
Analytics Privacy
We use PostHog for product analytics, configured with EU data residency. Analytics data is used solely to improve our product and is never sold to third parties. You can learn more in our Privacy Policy.
Compliance & Standards
As an EU-based company, we are committed to compliance with:
- GDPR: Full compliance with the General Data Protection Regulation, including data subject rights, lawful processing, and data protection by design.
- Data Localization: EU data residency options for analytics and AI processing to meet data sovereignty requirements.
Incident Response
We maintain an incident response plan to address potential security events:
- 24/7 automated monitoring for security anomalies
- Defined escalation procedures for security incidents
- Commitment to notify affected customers within 72 hours as required by GDPR
- Post-incident analysis and remediation
Security Updates
We regularly update our systems and dependencies to address security vulnerabilities. Our development practices include:
- Regular dependency audits and updates
- Code review for all changes
- Automated security scanning in our CI/CD pipeline
Reporting Security Issues
If you discover a security vulnerability, please report it to us immediately. We appreciate responsible disclosure and will work with you to address the issue.
Security Contact: info@valiro.ai
Please include “Security” in the subject line.