Security & Privacy Practices

Last Updated: 6 January 2026

At Bherva, security and privacy are treated as foundational principles. This page outlines the practices we follow to protect systems, data, and users while being transparent about current capabilities.

This document is not a certification statement and should not be interpreted as a guarantee of compliance with specific regulatory standards.

1. Our Security Approach

Bherva follows a security-by-design approach. We focus on building systems that minimize risk, reduce exposure, and apply responsible data handling practices throughout the platform lifecycle.

Security decisions are guided by:

  • Least-privilege access
  • Controlled system boundaries
  • Continuous monitoring and improvement

2. Access Control

We apply access controls to limit system and data access:

  • Role-based access to internal systems
  • Authentication required for administrative actions
  • Segmentation between environments where applicable
  • Regular review of access permissions

Only authorized personnel can access production systems.

3. Data Handling & Privacy

  • Customer data is processed only to deliver requested services
  • Bherva does not claim ownership of customer data
  • Data is not sold or shared for advertising purposes
  • Private customer data is not used to train public AI models
  • For BS3 Storage, all data remains within the user's own hardware and local network.

4. AI & Voice Data Considerations

For AI-powered services:

  • AI outputs are generated automatically and may require human review
  • Users are responsible for obtaining consent for voice interactions and recordings
  • Users control how AI features are deployed and disclosed to end users
  • Bherva does not assume responsibility for downstream use of AI outputs.

5. Infrastructure Practices

Bherva services are deployed using securely configured environments with:

  • Controlled deployment processes
  • System monitoring and logging
  • Backup and recovery procedures where applicable
  • Separation between customer data and internal systems

Availability and performance may vary depending on service configuration.

6. Incident Management

We maintain internal processes to:

  • Detect and respond to security incidents
  • Assess potential impact
  • Take corrective action when issues are identified

Users may be notified when required by law or when an incident materially affects service use.

7. Third-Party Services

Bherva may rely on third-party infrastructure or tools to operate services. These providers are selected based on reliability and industry adoption.

Each third party operates under its own security and privacy policies.

8. Compliance Status

Bherva does not claim formal certification under standards such as SOC 2, ISO 27001, or HIPAA unless explicitly stated in writing.

Our systems are designed with compliance readiness in mind, allowing future alignment as requirements evolve.

9. User Responsibilities

Users are responsible for:

  • Securing their own credentials and environments
  • Proper configuration of deployed services
  • Compliance with applicable data protection and communication laws

Security is a shared responsibility.

10. Continuous Improvement

Security practices evolve as:

  • Threat landscapes change
  • Products mature
  • Customer needs grow

We regularly review and improve our systems and processes.

11. Changes to This Document

This page may be updated periodically to reflect changes in practices or services. Updates will include a revised date.

12. Contact

For questions related to security or privacy practices, please contact Bherva through the official website.