Trust Center

Your organization's memory,
held with care.

Saberra captures what your team decides and commits to, and organizes it into your own Notion workspace for human review. Here is exactly how we protect it.

All systems operational. Every service exposes a monitored health endpoint. Deploys are health-gated.
01: Data handling

Six principles behind how we hold your data.

Every architectural decision about your data comes back to one rule: your memory belongs to your organization, not to us.

Per-client isolation

Each client runs in its own isolated deployment with dedicated datastore credentials and a dedicated Notion workspace. One client cannot access another's data.

Human review, always

Saberra never publishes or approves changes to your canonical records. It proposes drafts. Your people decide what becomes trusted organizational truth.

No training on your data

Your content is used only to process your own requests. It is never used to train AI models, shared with other clients, or aggregated for any purpose.

Confidentiality levels

Records can be marked Sensitive (flagged in output) or Restricted (excluded from AI retrieval entirely). An admin-only review surface sits outside the main workspace.

PII minimization

IP addresses are stripped from stored records and never surfaced. We capture what serves organizational memory, not more.

Encrypted in transit and at rest

All service and datastore connections use TLS. Managed datastores are encrypted at rest. Secrets live only in the deployment environment, never in source code.

02: Access and authentication

Least privilege by default.

Every credential in the system is scoped, revocable, and designed so a single compromised token cannot cascade into a wider breach.

  1. Constant-time token auth on the API, with request size limits and per-IP plus global rate limiting on all public endpoints.

  2. Per-connection tokens for AI connectors. Each integration token (e.g., Claude) is individually revocable and survives a master-secret rotation. No integration stores a shared master credential.

  3. Hashed credentials. Dashboard passwords are stored with scrypt and a per-user salt. Password changes and deactivations invalidate sessions immediately.

  4. Scoped per-user Google connections. When a person connects their own Google account, the system is built so it can act only on that person's own account, never another's.

  5. Per-tenant spend caps bound AI usage and contain any runaway or abusive activity.
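
The constant-time comparison named in item 1, applied to the scrypt check and session invalidation of item 3, as an added Python example (not Saberra's code). The CredentialStore class, the per-user epoch counter and the scrypt cost parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Assumed scrypt cost parameters for illustration; tune to your hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


class CredentialStore:
    """In-memory stand-in (hypothetical) for a user table and a session table."""

    def __init__(self):
        self.users = {}     # user -> {"salt", "hash", "epoch", "active"}
        self.sessions = {}  # session token -> (user, epoch at login)

    def set_password(self, user, password):
        salt = os.urandom(16)  # fresh per-user salt on every change
        digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
        epoch = self.users.get(user, {"epoch": 0})["epoch"] + 1
        # Bumping the epoch orphans every session issued under the old password.
        self.users[user] = {"salt": salt, "hash": digest,
                            "epoch": epoch, "active": True}

    def deactivate(self, user):
        self.users[user]["active"] = False
        self.users[user]["epoch"] += 1

    def login(self, user, password):
        rec = self.users.get(user)
        # Unknown users still cost one scrypt run, so timing hides which exist.
        salt = rec["salt"] if rec else bytes(16)
        expected = rec["hash"] if rec else bytes(32)
        candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
        # compare_digest takes the same time wherever the bytes differ.
        matches = hmac.compare_digest(candidate, expected)
        if rec is None or not rec["active"] or not matches:
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user, rec["epoch"])
        return token

    def session_user(self, token):
        user, epoch = self.sessions.get(token, (None, None))
        rec = self.users.get(user)
        # Valid only for an active user at the epoch the session was issued.
        if rec and rec["active"] and rec["epoch"] == epoch:
            return user
        return None
```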

03: Reliability and change management

No code reaches production without passing every gate.

The pipeline that protects your memory operates the same way the memory system itself does: nothing becomes trusted without review.

  1. Every change passes a type-check gate, an end-to-end smoke suite, and a behavioral evaluation of the assistant run against a sandbox environment before release.

  2. Deploys roll out in stages: sandbox to staging to production, each behind a health gate. Production is never released without passing the earlier gates.

  3. Every service publishes a health endpoint reporting its running release, monitored continuously. Deploys are health-gated.

04: Subprocessors

Every third party we use to deliver the service.

Saberra does not use any subprocessors beyond this list. Changes to the list are communicated to active customers before they take effect.

Anthropic: AI extraction and Q&A
Google Workspace: Meeting assets and connectors
AssemblyAI: Optional transcription
Notion: Customer-facing datastore
Railway: Hosting and managed Postgres

Documents and contact

A Data Processing Agreement and current subprocessor list are available for customers who require them. Security questionnaires are welcome and turned around quickly. Reach us at security@saberra.com.
