Trust & Security

Built for industries where data integrity isn't optional.

Environmental product declarations are legal documents. The infrastructure that generates them must meet the same standards of rigor.

Data integrity

  • Cryptographic fingerprinting (SHA-256) on all evidence files at upload
  • Immutable canonical records — published EPDs cannot be edited in place
  • Full version history with parent record chain
  • Audit log for every input, mapping decision, and state change
  • Background dataset versions explicitly stamped on every calculation

Access control

  • Multi-tenant architecture with strict organization-level data isolation
  • Role-based access control (manufacturer admin, verifier, viewer)
  • API key scoping — read and write scopes managed independently
  • Clerk-powered authentication with MFA support
  • All API traffic over HTTPS/TLS 1.2+

Infrastructure

  • Hosted on Vercel edge infrastructure with global CDN
  • Database on Neon serverless Postgres with automatic backups
  • Evidence files stored in Cloudflare R2 with server-side encryption
  • Zero-downtime deployments
  • Automated database backups with point-in-time recovery

Privacy

  • GDPR-compliant data handling for EU users
  • CCPA-compliant for California residents
  • No sale of customer data to third parties
  • Data residency options available for enterprise customers
  • Right to data export and deletion supported

Security questions?

For enterprise security reviews or detailed compliance documentation, contact us directly.

greg@terrave.ai