OnVerb Data Security

Published on 29 January 2026

Last updated on 29 January 2026

How we keep your prompts, files, and account data protected.

Security isn’t something we “add on” later at OnVerb. It’s built into how the platform is designed and operated - across prompt management, multi-model chat, team collaboration, and RAG-style document workflows. This page explains what we do (in plain English) so you know what’s protected, how it’s protected, and what you can do on your side to stay safe too.

What data OnVerb handles

Depending on how you use the app, OnVerb may process and store:

  • Account data (e.g. email address, authentication/session details)
  • Prompts and prompt libraries (including structured system prompts)
  • Chat inputs/outputs (your conversations with selected AI models)
  • Uploaded files (TXT, PDF, DOCX) and CSV processing jobs
  • Team/workspace data (shared prompts, documents, access permissions)

Because prompts and documents often contain sensitive business context, we treat your content as potentially confidential by default.

Encryption in transit (data moving between you and OnVerb)

Whenever data travels across the internet, it’s protected using modern transport encryption.

TLS 1.2 / 1.3 encryption

  • All traffic to and from OnVerb is encrypted using TLS 1.2/1.3.
  • This helps protect against interception and tampering while data is in transit.

In practical terms: when you save a prompt, upload a document, or run a CSV job, the connection is encrypted.

Encryption at rest (data stored on our systems)

When your data is stored, it remains protected even at the storage layer.

AES‑256 encryption for stored data

  • Stored prompts and sensitive application data are encrypted at rest using AES‑256.
  • This helps ensure stored content is unreadable without authorised access and the appropriate keys.

Encrypted storage volumes

  • Data is stored on encrypted NVMe SSD volumes, with encryption handled at the infrastructure layer as well.

Prompt security (because prompts can be your IP)

Prompts can contain brand voice guidance, customer insights, product plans, internal processes - basically, the stuff that makes your business yours. So prompt security is central.

Protected in transit and at rest

  • TLS 1.2/1.3 protects prompts during transmission
  • AES‑256 protects stored prompts

Access controls and auditability

  • Access is governed using least-privilege principles (only what’s needed, nothing more)
  • Access is role-restricted and logged for auditability

Secure connections & database protection

Behind the scenes, OnVerb uses multiple layers to protect the systems that store and process your data.

SSL/TLS required

  • All connections require SSL/TLS encryption
  • Strict certificate verification helps reduce the risk of man-in-the-middle attacks

Strong authentication and abuse protection

  • Credentials are designed with high entropy to make brute-force attempts impractical
  • A proxy layer monitors and authenticates connection attempts, helping prevent misuse (including excessive login attempts and unauthorised patterns)

Network restrictions

  • IP allowlisting can be used to restrict access to trusted sources
  • Private networking options can reduce exposure to the public internet (where applicable)

Secure infrastructure

OnVerb runs in secure hosting environments designed for modern SaaS reliability and security.

  • Hosted within secure, audited data centres
  • Ongoing operational security processes and risk assessment
  • Regular review of controls and configurations

Compliance-aligned security controls

Our security controls are designed to align with key security and privacy standards.

Key control areas (high level)

Encryption & key management

  • AES‑256 at rest
  • TLS 1.2/1.3 in transit
  • Restricted key access
  • Key rotation practices

Fine-grained access control

  • Least‑privilege permissions
  • Controlled production access processes
  • Auditable change management

Network segmentation & isolation

  • Segmented environments and restricted traffic flows
  • Reduced risk of lateral movement

Monitoring & anomaly detection

  • Monitoring for suspicious access patterns
  • Centralised logging and alerting

Logging & auditability

  • Security-relevant events logged and protected
  • Logs retained to support investigation and auditing

Backups, retention, and deletion

  • Encrypted backups with versioning
  • Retention practices aligned with operational and regulatory needs
  • Secure deletion processes for applicable data requests

Vulnerability management

  • Ongoing scanning for misconfigurations and outdated components
  • Defined remediation workflows based on severity

Audits & penetration testing

  • Regular security reviews and testing programmes
  • Findings feed into ongoing improvements

Secret scanning & credential protection

OnVerb uses secret scanning practices to help detect exposed credentials.

  • Automated detection where applicable
  • Alerts to trigger investigation and response

Security reporting

If you believe you’ve found a vulnerability, please report it responsibly so we can investigate quickly.

  • We support responsible disclosure practices
  • We may operate a private bug bounty or private security reporting process (depending on programme availability)

How to report: use in-app support, or your organisation’s agreed security contact route if you have one.

FAQ: OnVerb Security & Privacy

Can OnVerb staff read my prompts or documents?

OnVerb uses encryption and access controls designed to prevent unnecessary access to customer data. Access to sensitive systems is restricted by role and logged. In short: we aim for least-privilege access and auditability, so access is tightly controlled and reviewable.

Are my prompts encrypted?

Yes. Prompts are encrypted:

  • In transit using TLS 1.2/1.3
  • At rest using AES‑256

Is my data encrypted while it’s being uploaded or downloaded?

Yes. File uploads and downloads are protected using TLS 1.2/1.3 transport encryption.

Where is my data stored?

OnVerb stores data in secure cloud infrastructure, using encrypted storage volumes and controlled access. (If you need specifics for your organisation - such as data residency expectations - contact support and we can clarify what applies to your plan and setup.)

What happens when I use different AI models inside OnVerb?

OnVerb provides access to multiple AI providers/models. When you send content to a selected model, that request is transmitted securely. How each provider handles and retains data can vary by provider and plan—so if your organisation has strict policies, it’s worth aligning your usage with your internal governance (and choosing workflows accordingly).

Do you support private networking or IP allowlisting?

OnVerb includes network restriction approaches such as IP allowlisting and may support private networking options in certain environments. If you’re on a business plan and need this, contact us to discuss the right setup.

How do you protect against unauthorised access attempts?

We use layered controls, including:

  • Encrypted connections
  • Strong authentication practices
  • Proxy-level monitoring and session controls
  • Logging and alerting for suspicious patterns

Are backups encrypted?

Yes. Backups are encrypted and versioned to support recovery and resilience.

Can I request deletion of my data?

Where applicable under privacy regulations (such as GDPR/CCPA), you can request deletion. We use secure deletion processes to action valid requests. If you’re part of a team workspace, your admin may need to confirm certain requests depending on ownership and policy.

How do I report a security issue?

If you think you’ve found a vulnerability, report it via in-app support or your agreed security contact route. Please include:

  • What you found (steps to reproduce)
  • What data or accounts might be affected
  • Screenshots/logs if safe to share