Haven was designed from day one to protect the most sensitive information a family has: wills, insurance, financial accounts, medical documents. Here's exactly how we do it, and why it's stronger than the cloud storage you use today.
Most cloud storage encrypts your files at rest, but the provider holds the keys, so staff with the right access can still read them. Haven adds row-level data isolation, household-scoped access controls, and AI analysis that runs in an isolated process and discards the content as soon as it is done. Your documents are not just stored securely. Every query that touches them is restricted to your household by the database itself, not only by application code.
Security isn't just encryption. It's architecture, access controls, and what happens with your data after you upload it.
| Security Feature | Haven | Google Drive | Dropbox | iCloud |
|---|---|---|---|---|
| Encryption at rest | AES-256 | AES-256 | AES-256 | AES-256 |
| Encryption in transit | TLS 1.3 | TLS 1.3 | TLS 1.2+ | TLS 1.2+ |
| Row-level data isolation | Yes | No | No | No |
| Admin access to your files | None | Possible | Possible | Possible* |
| AI that discards data after use | Yes | Retained | N/A | Retained |
| Per-document vault lock | Yes | No | Add-on | No |
| Biometric app lock | Yes | No | No | Device-level |
| Immutable audit log | Yes | Activity log | Events log | No |
| Data used for ad targeting | Never | Metadata | No | No |
Every layer is independently secure. Even if one layer were compromised, the others keep your data protected.
Every API call uses TLS 1.3. Database storage uses AES-256, the same standard used by banks. Optional vault lock adds a further layer for your most sensitive documents.
Row-level security policies on every table. Every query runs with your household bound to the database session, so the database itself filters out every other household's rows, even if a query forgets its WHERE clause. Cross-household access is blocked in the database, not just in application code.
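As an added illustration (this is not Haven's own schema), here is how household isolation of this kind is typically enforced in PostgreSQL with row-level security. The table, column, role and setting names (`documents`, `household_id`, `haven_app`, `app.household_id`) and the household ID value are assumptions made for the example:

```sql
-- Added example, not Haven's schema: household isolation enforced by
-- PostgreSQL row-level security. Names (documents, household_id,
-- haven_app, app.household_id) are assumptions for illustration.

CREATE TABLE documents (
    id            bigserial PRIMARY KEY,
    household_id  uuid NOT NULL,
    title         text NOT NULL,
    storage_key   text NOT NULL   -- object name in the blob store
);

-- The application connects as an ordinary role: not a superuser, no BYPASSRLS.
CREATE ROLE haven_app LOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO haven_app;

-- Enable RLS and FORCE it so the table owner is subject to the policy too.
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;

-- One policy scopes reads (USING) and writes (WITH CHECK) to the household
-- bound in the session. missing_ok = true makes current_setting return NULL
-- when the setting was never set, and NULLIF handles the empty string left
-- after a reset; either way the comparison is NULL, so a request with no
-- household bound sees and writes nothing rather than everything.
CREATE POLICY household_isolation ON documents
    FOR ALL TO haven_app
    USING      (household_id = NULLIF(current_setting('app.household_id', true), '')::uuid)
    WITH CHECK (household_id = NULLIF(current_setting('app.household_id', true), '')::uuid);

-- Per request, after authenticating the user, the app binds the household
-- for this transaction only. SET LOCAL is undone at COMMIT or ROLLBACK, so a
-- pooled connection cannot carry one household's id into the next request.
BEGIN;
SET LOCAL app.household_id = '0f1c8f1e-8b0a-4d6e-9f3b-5f0d4a8b2c11';  -- constructed id
SELECT id, title FROM documents;   -- only this household's rows, even with no WHERE
COMMIT;

-- A write tagged with a different household fails in the database, not in
-- app code:
-- ERROR:  new row violates row-level security policy for table "documents"
BEGIN;
SET LOCAL app.household_id = '0f1c8f1e-8b0a-4d6e-9f3b-5f0d4a8b2c11';
INSERT INTO documents (household_id, title, storage_key)
VALUES ('00000000-0000-0000-0000-000000000000', 'not mine', 'obj/1');
ROLLBACK;
```

Two points a reviewer checks here: FORCE ROW LEVEL SECURITY matters because without it the table owner bypasses its own policies, and superusers or roles with BYPASSRLS skip policies regardless, so the isolation guarantee holds only for connections made as the restricted application role. "Every table" has to be taken literally: one table of household data without a policy, such as a join or metadata table, is enough to leak.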
Alfred analyzes your documents in isolated, ephemeral processes. Content is immediately discarded. Nothing is stored, cached, or persisted. Never used to train AI models. Period.
Face ID and Touch ID for quick, secure access. Every document access is logged to an immutable audit trail: entries can be added, never modified or deleted.
Your spouse gets their own login with shared household access. Each person's Alfred chat history stays private. Invite codes expire after 30 days.
Tokens are stored in the iOS Keychain, whose encryption keys are protected by the Secure Enclave, Apple's hardware security processor. Biometric app lock keeps your data protected even on an unlocked phone.
These aren't policies that can be changed with a terms update. They are architectural decisions baked into how Haven is built.
TLS 1.3 in transit. AES-256 at rest. Optional per-document vault lock for your most sensitive files.
Row-level security on every table. Cross-household access is blocked by the database itself.
Documents analyzed in isolated processes. Content immediately discarded. Never used for AI training.
Face ID and Touch ID. Immutable audit trail on every document access.
Individual logins, shared data. Private chat history. 30-day invite codes.
iOS Keychain token storage. Biometric app lock. No sensitive data in local storage.
Architectural decisions, not policies.
From the moment you upload a document to the moment Alfred answers your question, here's what happens.
Your document travels over TLS 1.3 during upload, then is stored with AES-256 encryption in Google Cloud Storage. The file is tagged with your household and is inaccessible to any other account.
Alfred reads your document in an isolated, ephemeral process. It extracts dates, identifies the type, and returns structured data. The document content is immediately discarded from AI memory. Nothing is cached.
Only the extracted metadata (dates, type, summary) is stored alongside your encrypted file. When you ask Alfred a question, it references this metadata, never re-reading the full document through AI.
Estate planning documents are among the most sensitive in your household. Haven applies additional protections to ensure they remain private and secure.
Haven never collects Social Security numbers, full account numbers, or precise financial balances. Only ranges and categories are stored.
Attorney handoff uses expiring links: each link is valid for 7 days and at most 3 uses, whichever comes first. Links are sent from your own email, never from Haven servers.
Exported estate PDFs are encrypted with AES-256-GCM before storage. GCM authenticates the ciphertext as well as encrypting it, so a file that has been tampered with is rejected rather than decrypted. Only authenticated sessions can decrypt them.
Every access to a shared estate document is logged with a hashed IP address, so the trail records where access came from without retaining the raw address. The full audit trail is available in the app.
Revoke any shared estate link instantly from the app. Once revoked, the link can never be used again.
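The three handoff properties above (7-day, 3-use links; access logged with a hashed IP; instant, permanent revocation) fit one small PostgreSQL design. The following is an added example, not Haven's own schema or queries; the table and column names are assumptions, and the `$1`-style placeholders stand for values the application binds:

```sql
-- Added example, not Haven's schema: expiring, use-limited, revocable share
-- links with a hashed-IP access log in PostgreSQL. Names are assumptions.

CREATE TABLE estate_share_links (
    id           bigserial PRIMARY KEY,
    document_id  bigint NOT NULL,
    household_id uuid   NOT NULL,
    -- Only the SHA-256 of the random link token is stored, so a dump of this
    -- table does not yield usable links.
    token_hash   bytea  NOT NULL UNIQUE,
    created_at   timestamptz NOT NULL DEFAULT now(),
    expires_at   timestamptz NOT NULL DEFAULT now() + interval '7 days',
    max_uses     integer NOT NULL DEFAULT 3,
    use_count    integer NOT NULL DEFAULT 0,
    revoked_at   timestamptz,
    CONSTRAINT uses_within_limit CHECK (use_count <= max_uses)
);

CREATE TABLE estate_share_access_log (
    id          bigserial PRIMARY KEY,
    link_id     bigint REFERENCES estate_share_links(id),  -- NULL if token matched nothing
    accessed_at timestamptz NOT NULL DEFAULT now(),
    ip_hash     bytea NOT NULL,     -- keyed hash of the client address, never the raw IP
    outcome     text  NOT NULL CHECK (outcome IN ('granted', 'denied'))
);

-- Issuing. The app generates 32 random bytes, hands the base64url form to the
-- user to paste into their own e-mail, and stores only sha256(token).
--   $1 = document_id, $2 = household_id, $3 = token_hash
INSERT INTO estate_share_links (document_id, household_id, token_hash)
VALUES ($1, $2, $3)
RETURNING id, expires_at;

-- Redeeming. A single UPDATE both checks and consumes a use, so two requests
-- arriving at once cannot both pass a separate "use_count < 3" check and
-- then both increment. Zero rows back means expired, exhausted, revoked or
-- unknown; the app treats all four the same.
--   $1 = sha256 of the token presented in the URL
UPDATE estate_share_links
   SET use_count = use_count + 1
 WHERE token_hash = $1
   AND revoked_at IS NULL
   AND expires_at > now()
   AND use_count < max_uses
RETURNING id, document_id;

-- Logging. Every attempt is recorded, denials included. ip_hash should be a
-- keyed hash such as HMAC-SHA256(server_secret, ip) computed in the app: a
-- plain SHA-256 of an IPv4 address is reversible by trying all 2^32 values.
--   $1 = link id (or NULL), $2 = ip_hash, $3 = 'granted' | 'denied'
INSERT INTO estate_share_access_log (link_id, ip_hash, outcome)
VALUES ($1, $2, $3);

-- Revocation. Setting revoked_at makes the redeem predicate false for good;
-- the household check stops one household revoking another's links.
--   $1 = link id, $2 = household_id of the caller
UPDATE estate_share_links
   SET revoked_at = now()
 WHERE id = $1 AND household_id = $2 AND revoked_at IS NULL;
```

The same expires_at pattern covers the 30-day invite codes mentioned earlier. Keeping revoked links as rows rather than deleting them preserves the audit trail and guarantees a revoked token can never be re-issued by accident.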
Haven never shares estate data with third parties. AI analysis happens server-side and is never stored beyond the session.
We take this seriously. If you have questions about how your data is handled, reach out and we'll give you a straight answer.
support@havenhome.dev