Designed so we couldn't leak your data even if we wanted to.
Your data is yours. Every part of DAVA — from how processing is isolated to how customer data is stored — is built around that promise. The pillars below are how we keep it.
Sandboxed parsers
Every AI-generated parser runs in a hardened Docker container with no network, a read-only filesystem, locked-down syscalls, and a 30-second soft timeout. The parser process can't reach your data store, your secrets, or the host.
Multi-tenant isolation
Every query carries an org_id and is filtered by a SQLAlchemy event hook before it leaves the app. Cross-tenant reads are impossible by construction, not by convention.
Argon2id everywhere
Passwords and API keys are hashed with Argon2id (m=64MB, t=3, p=4). Plaintext keys are visible exactly once, in the create-key dialog. After that we keep a prefix.
Encrypted at rest, encrypted in transit
TLS 1.3 to the API. Postgres at rest is encrypted on Neon's managed disks; object storage uses S3 SSE-S3.
Audit log
Every owner-level action — login, key create, member invite, plan change, settings change — writes an immutable audit row. Export available on Pro and above.
AST gate before sandbox
Before any parser hits the sandbox, an AST inspector rejects 32 forbidden module imports, 11 dangerous builtins, and dunder-attribute lookups. Defense in depth — the sandbox catches what the gate doesn't.
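A sketch of what such a gate can look like, added here as an illustration and not DAVA's own code. The function name inspect_parser and the short module and builtin lists are assumptions made for the example; the page does not publish its 32 modules or 11 builtins.

```python
import ast

# Constructed subsets for illustration only; not the product's actual lists.
FORBIDDEN_MODULES = {"os", "sys", "subprocess", "socket", "ctypes", "importlib", "pickle"}
FORBIDDEN_BUILTINS = {"eval", "exec", "compile", "open", "__import__", "getattr", "globals"}


def _is_dunder(name: str) -> bool:
    return len(name) > 4 and name.startswith("__") and name.endswith("__")


def inspect_parser(source: str) -> list[str]:
    """Return a list of violations; an empty list means the gate passes."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"line {exc.lineno}: syntax error"]
    violations = []
    for node in ast.walk(tree):
        line = getattr(node, "lineno", 0)
        if isinstance(node, ast.Import):
            modules = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            # Relative imports (level > 0) have no place in a single-file parser.
            modules = [node.module] if node.level == 0 else ["."]
        else:
            modules = []
        for mod in modules:
            # Compare the top-level package so "os.path" is caught with "os".
            if mod == "." or mod.split(".")[0] in FORBIDDEN_MODULES:
                violations.append(f"line {line}: forbidden import {mod}")
        if isinstance(node, ast.Name) and node.id in FORBIDDEN_BUILTINS:
            # Flag any reference, not only calls, so aliasing (f = eval) is caught.
            violations.append(f"line {line}: forbidden builtin {node.id}")
        if isinstance(node, ast.Attribute) and _is_dunder(node.attr):
            violations.append(f"line {line}: dunder attribute {node.attr}")
    return violations


# Constructed sample inputs.
SAFE = "import json\n\ndef parse(raw):\n    return json.loads(raw)\n"
UNSAFE = "import os.path\nfrom subprocess import run\nf = eval\nx = ().__class__.__bases__\n"

if __name__ == "__main__":
    for name, src in (("SAFE", SAFE), ("UNSAFE", UNSAFE)):
        print(name, inspect_parser(src) or "ok")
```

A static check like this is deny-list based and can be sidestepped by constructs it does not model, which is why it sits in front of the sandbox and does not replace it.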
Reporting a vulnerability
Email security@davaengine.ai — please don't open a public issue. We respond within one business day, fix critical issues within seven, and credit reporters who want to be named.