Built to be trusted with your business.
corv runs real work inside your accounts, so security is foundational. Here's how we protect your data, your keys, and your company.
Encryption everywhere
Your data is encrypted in transit and at rest. Connections use TLS. Every secret we store — BYOK keys, webhook HMAC secrets, MCP env/headers, custom-skill auth, agent trigger config, sensitive memories, employee email bodies, and profile phone numbers — is sealed with AES-256-GCM before it touches the database.
Your keys, your control
Bring your own model keys. They're scoped to your account, never shared, and you can rotate or remove them any time in Settings.
Access & isolation
Your company's data is scoped to your account and organization. Employees only act within the apps and accounts you connect.
Auditability
Work your team does is logged so you can see what happened and when. Private mode lets you run sessions that aren't saved.
Connected apps
Integrations are connected through scoped, revocable permissions. Disconnect any app at any time and access is removed.
Data deletion
You own your data and can delete your account and its data from Settings. Tell us and we'll help you export or remove anything.
Found an issue, or have a security question? Email security@corv.app.