Security at Veyr
How we protect your data and your candidates' data.
Last updated: May 13, 2026
Data hosting and residency
- All customer data is hosted in the European Union on Supabase infrastructure (AWS Frankfurt region, eu-central-1).
- Data never leaves the EU during normal operation.
- We are GDPR-compliant by design.
Encryption
- In transit: All connections use TLS 1.2 or higher (HTTPS everywhere).
- At rest: Customer data is encrypted at rest using AES-256, managed by our infrastructure provider (Supabase / AWS).
Access controls
- Row-Level Security (RLS) policies enforce strict data isolation between companies. Customers can only access data belonging to their own company.
- Database access is limited to authorized personnel and audited.
- Application-level authentication via Supabase Auth.
Authentication
- Email-and-password authentication with secure password hashing.
- SSO (SAML / OIDC): on the roadmap for Enterprise customers.
Sub-processors
We work with the following sub-processors to deliver our service. All are GDPR-compliant and bound by appropriate data processing agreements:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, storage | EU (Frankfurt) |
| Lovable | Application hosting & deployment | EU |
| Stripe | Payment processing | EU / Global (GDPR-compliant) |
| Resend | Transactional email delivery | EU |
| Google (Gemini API via Lovable AI Gateway) | AI features (candidate screening, content generation) | EU routing where available |
Backups and availability
- Automated daily database backups, retained according to our infrastructure provider's standard policy.
- Point-in-time recovery available via Supabase.
Incident response
- We monitor our systems continuously.
- In the event of a data breach affecting personal data, we will notify affected customers without undue delay and in compliance with GDPR Article 33 (within 72 hours where feasible).
- Contact: contact@getveyr.com
Responsible disclosure
- If you discover a security vulnerability, please report it to contact@getveyr.com.
- We commit to acknowledging reports within 2 business days and working with researchers in good faith.
- Please do not publicly disclose vulnerabilities before we've had a reasonable chance to address them.
Roadmap
The following security features are on our roadmap:
- SSO (SAML / OIDC) for Enterprise customers
- SOC 2 Type II certification
- ISO 27001 certification
- Advanced audit logging
Contact
Questions about our security practices? Email contact@getveyr.com.
