Security

How Aventra protects your work

This page is maintained by the Aventra team to describe the security controls that ship in the product today. It is not a certification — for a security review with our team, contact support.

Account protection

Accounts are protected by email + password authentication with secure password reset flows. Optional leaked-password detection blocks weak credentials.

Workspace isolation

Every workspace's data is isolated from every other workspace through row-level security at the database layer. You only ever see your own data.

Private file storage

Uploaded files are stored in a private bucket scoped to your workspace. Files are never publicly listable or browsable.

Role-based access foundations

Roles are stored in a dedicated table rather than on the user profile, preventing common privilege-escalation patterns. Member and admin roles are checked server-side.

Secure payments

All payments are handled by a regulated payment provider. Aventra never sees or stores your full card number, expiry, or CVV — only a non-sensitive reference.

No card data on our servers

We rely on the payment provider's hosted checkout, so cardholder data flows directly between you and the provider. We only store the resulting transaction record.

Report a security concern

If you believe you've found a vulnerability, please contact us via the support page.

Contact support