Security & trust

How CoVision protects workshop data, participant submissions, and generated outputs for enterprise facilitation teams.

CoVisionis built for high-stakes corporate workshops where sensitive strategic thinking must stay inside the room — and inside your organisation's boundary. This page summarises the security architecture buyers typically review during procurement. For full legal detail, see our Privacy Policy.

Private by default

Workshop sketches, generated assets, and event reports are stored in private object storage. Assets are never served from public URLs. Access requires authorisation checks and short-lived signed URLs.

Row-level security

Organisation and event data is protected with Postgres row-level security. Participants use scoped session tokens — not full user accounts — and can submit only within the event they joined.

Encryption in transit

All client and API traffic uses HTTPS. Storage and database connections are encrypted in transit between CoVision services and our infrastructure providers.

Least-privilege operations

Privileged server operations use service-role credentials that never reach the browser. Facilitator and participant flows are separated by role, event scope, and entitlement state.

Event lifecycle controls

Organisation owners and admins control when submissions open, when funding runs, and when events are deleted. Soft-deleted events are access-locked immediately; asset cleanup follows on a controlled schedule.

Optional event passwords

Facilitators can require a password before participants join an event — useful for confidential strategy sessions or client workshops with restricted attendance.

AI processing boundaries

Sketch images and descriptions are sent to AI inference providers solely to generate the outputs requested during a workshop. Organisation event data remains private to authorised users of that organisation.

Data retention

Event data is retained while the event and organisation remain active. Organisation owners may delete events; deletion locks access first, then removes assets. Contact us for enterprise retention requirements.

Enterprise programmes

Enterprise customers can request security and privacy reviews, custom rollout planning, voucher-based access models, and facilitation onboarding support. Contact us to discuss procurement requirements or a pilot on a real organisational challenge.

Contact sales · Privacy Policy