Security & Trust

Evolve Simulations is built for the enterprise. This page describes the security controls we have actually implemented today, and how we think about protecting the organisations and people who train with us.

Access control and data isolation

  • Row-level security (RLS) in our Postgres database enforces that each organisation and team can only access its own data.
  • All platform access is authenticated, and permissions are role-based across individuals, team members, team admins, organisation admins and Evolve admins.
  • Sensitive backend operations are exposed only through gated, server-side routines rather than direct table access.

Infrastructure

  • The web platform runs on Vercel with managed, modern hosting and edge delivery.
  • Data is stored in managed Postgres on Supabase, with the ability to provision Australian / Asia-Pacific regions.
  • AI persona responses, feedback, and speech-to-text / text-to-speech run on Microsoft Azure services.
  • Data is encrypted in transit using industry-standard TLS.

Payments

Billing is handled through Stripe's hosted, PCI-compliant payment processing and customer portal. Evolve does not store payment card numbers; card data is handled directly by Stripe.

Monitoring and diagnostics

  • We use Sentry for error monitoring with a privacy scrubber configured to remove message content and credentials before diagnostic data is sent.
  • Usage is metered through a usage ledger, with quotas and cost controls that also help detect abnormal activity.

Privacy by design

Bespoke characters and scenarios built for a customer remain that customer's intellectual property. Customer organisations control who participates in training and how results are used. For how we handle personal information, see our Privacy Policy and Subprocessors list.

Compliance roadmap

We align our practices with the Australian Privacy Act and the Australian Privacy Principles. We are not currently SOC 2 or ISO 27001 certified, and we do not claim to be. Formal third-party certification is part of our forward roadmap rather than a present-day claim. We are happy to discuss our current controls with prospective enterprise customers.

Reporting a vulnerability

If you believe you have found a security issue, please contact us at security@evolvesimulations.com. We appreciate responsible disclosure and will work with you to investigate and resolve valid reports.

This document is a product-ready draft provided for transparency. It is not legal advice and should be reviewed by qualified legal counsel before being relied upon. If anything here is unclear, contact us and we'll help.