SecurityYour research data
stays yours.
eviStreams is built on infrastructure you can trust. Here’s exactly how we protect your documents, extraction data, and team credentials.
Infrastructure
AWS Hosted
All services run on Amazon Web Services infrastructure in US regions, benefiting from AWS’s physical and network security.
TLS Everywhere
All data in transit is encrypted using TLS 1.2+. We enforce HTTPS across every endpoint — no plaintext communication.
Encrypted at Rest
Documents and extraction data are stored with encryption at rest. Database backups are encrypted automatically.
Secure Object Storage
PDF documents are stored in isolated object storage with time-limited pre-signed URLs. Files are never exposed via public permanent links.
Authentication & access control
Supabase Auth
Authentication is handled by Supabase Auth, which provides secure email/password login, session management, and JWT-based access tokens.
Project Isolation
Data is scoped strictly by project. Users only see documents, forms, and results within projects they belong to — there is no cross-project data access.
Row-Level Security
PostgreSQL row-level security policies enforce access rules at the database layer — not just the application layer. A misconfiguration can’t expose your data.
No Stored Credentials
We never store raw passwords. Authentication tokens are short-lived and rotated automatically. API keys used by the extraction pipeline are scoped and auditable.
Data handling
Your uploaded documents and extracted data are used solely to power the features you explicitly invoke — extraction pipelines, manual review, consensus reconciliation, and export. We do not use your research content to train models or share it with third parties.
AI extraction pipelines send document content to large language model APIs (e.g. OpenAI) for processing. This is scoped to the specific extraction job you initiate. If your research involves sensitive patient data, review your data handling obligations before uploading identifiable information.
Questions or concerns
If you have specific security questions, want to report a vulnerability, or need a security review before using eviStreams with sensitive data, please reach out via LinkedIn or visit our contact page.