Skip to content

Security

Security at Agentiv

Agentiv connects to your team's inboxes and calendars. This page sets out exactly how that access works, where the boundaries sit, and what we will and won't do with your data.

Architecture

Where your data lives and how it's protected

Database
Your data lives in a PostgreSQL database hosted by Supabase, our managed database provider.
Access control
Row-level security policies enforce team and member boundaries inside the database itself. Access rules are applied at the data layer, not just hidden in the interface.
In transit
All traffic between your browser and Agentiv is encrypted over TLS (HTTPS).
At rest
Data is encrypted at rest by our database provider using AES-256.
Infrastructure certifications
Agentiv runs on infrastructure providers that hold SOC 2 Type II and ISO 27001 certification (Supabase, Vercel and Google Cloud). Their compliance documentation is available on request.
Australian compliance
We handle personal information in line with the Australian Privacy Principles under the Privacy Act 1988 (Cth), including the Notifiable Data Breaches scheme.
Independent certification
Independent certification of Agentiv itself is on our roadmap as the platform scales.

Access model

Boundaries enforced in the database, not the interface

Roles
Two roles: leader and member. Leaders see the team's business data — pipeline, listings, open homes, contacts, contracts, targets.
Per-tab permissions
Each member is granted specific tabs, with view or edit rights per tab. A new assistant can have listings and open homes without ever seeing the contracts area.
Private communications
Each member's email, messages and calendar are readable by that member only. Leaders cannot read another member's communications. This is enforced by database policy, not by interface hiding.
Invitations
Members join by invitation from the team leader and receive exactly the access the leader grants, from the first login.

Connected accounts

OAuth, scoped and revocable

OAuth
Google account connections (Gmail, Google Calendar) use OAuth. You grant access from your own Google account; Agentiv never sees your password.
Managed connections
Google OAuth connections are brokered by Composio, a managed OAuth provider, which stores and refreshes connection tokens.
Revocation
You can revoke Agentiv's access from your Google account settings at any time. Disconnecting an account stops its sync immediately.
Scopes
Each integration requests only the scopes it needs for its stated function. The integrations page lists what each connection reads and writes.

Sub-processors

The services that process data on Agentiv's behalf, and what each one does.

Agentiv sub-processors
ProviderPurpose
SupabaseDatabase, authentication
VercelApplication hosting
ComposioManaged OAuth for Google connections
GoogleGmail and Google Calendar APIs (your connected accounts)
MicrosoftOutlook mail access (your connected accounts)

Data lifecycle

What we keep, and how you leave

What we store
Business records your team creates (pipeline, listings, open homes, contacts, contracts, targets) and synced items needed to run your modules, such as parsed enquiries and calendar events.
Offboarding
When you leave, you can request an export of your team's data, followed by deletion. Deletion requests are actioned on written request to our contact address.
No resale
Your data is not sold, shared with advertisers, or used to train AI models.

Incident response

If something goes wrong

1. Contain
Isolate the affected system and stop ongoing exposure.
2. Assess
Establish what data was involved and which customers are affected.
3. Notify
Notify affected customers without undue delay, consistent with the Australian Notifiable Data Breaches scheme.
4. Remediate
Fix the cause, document the incident, and report what changed.

Responsible disclosure: if you believe you've found a security issue, email info@agentiv.com.au. Our security.txt carries the same contact.

Ask the hard questions in the demo.

Access, boundaries, offboarding: bring your IT-cautious questions and get direct answers.

Talk custom solutions