Privacy & Security

Executive Summary

GaiaVerse is a mission-driven B Corp with Sustainability and Social Equity as its core values. The team is deeply passionate about the stewardship of the Earth and all its inhabitants, and they have embedded a strong moral compass to guide their choices and decisions. At GaiaVerse, we see the world as an interconnected complex system. We work to uncover the patterns and relationships within it for the purpose of empowering individuals, organizations, and communities to make more informed and impactful decisions for the planet and humanity—whether combating climate change or improving disaster resilience.

At GaiaVerse, security and privacy are core to our values and the way we operate; we are a privacy- and security-by-design organization. This document provides an overview of the security and privacy capabilities we have in place to protect your data and the platform. For additional information regarding our privacy posture, see our Privacy Policy.

Privacy and Data Security

GaiaVerse’s position on data privacy and security can be summarized as follows: 

1. Your data is yours.

We never sell personal data without your consent, and we don’t share it with advertisers—ever.

2. Transparency is a moral obligation.

3. Clean systems require clean data ethics.

AI companies often hide behind jargon to justify invasive practices. Our architecture and agentic intelligence frameworks function without violating your consent or commodifying your behavior.

4. Stewardship extends to the digital commons.

We talk a lot at GaiaVerse about environmental stewardship. But that also means respecting digital ecosystems, including refusing to replicate extractive logic in cyberspace.

Information Security Governance

We utilize enterprise cloud providers, including Google, AWS, and GitHub, for our platform deployment and operations. These providers maintain security- and privacy-related certifications such as SOC 2 and ISO 27001, which provide assurance as to the maturity of their security capabilities.

More about their security:

Data In Transit Security

Our website and platforms require Transport Layer Security, or TLS, a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet.

Data At Rest Security

GaiaVerse utilizes several mechanisms to protect data from unauthorized access while in storage.

  • Our data must be encrypted at rest on all databases.

  • All employee workstations must have hard disk encryption enabled.

  • All media must be stored on encrypted hard drives and tracked.

Operational Security

GaiaVerse has several processes in place to provide secure access to systems.

  • Multi-Factor Authentication (MFA) and Single Sign-On (SSO) for corporate applications and production platforms.

  • Security Awareness is provided to, and required of, all employees and contractors.

Security Engineering

We have several mechanisms in place to protect the security of our code, platforms, and user data.

  • Enterprise-grade infrastructure and website security tools to mitigate web-based attacks.

  • Penetration testing conducted at least annually.

  • Static Application Security Testing (SAST) checks integrated into the development pipeline.

  • GitHub-native vulnerability scanning enabled across all repositories, providing continuous detection of known security issues in dependencies.

  • Robust change management processes to ensure secure deployment practices.

  • Secure handling of any stored credentials, including hashing and salting of passwords where applicable.

AI Principles, Governance, and Ethics

Our AI developments are rooted in a series of guiding principles that enable us to create a fit-for-purpose structure that balances the need for technological advancement with the advancement of social justice and environmental stewardship.