Security
Your family's data is encrypted before it leaves your device.
Files are encrypted on your device, then uploaded. Keys are wrapped in hardware security modules on Google Cloud private infrastructure. When AI does the work, it runs under contractual zero data retention. Nothing is stored by the AI provider. Nothing trains a model.
The vault stays closed until you open it. When you want to share a document with your lawyer, your accountant, or someone in your family, you grant scoped access to that file. maivis never opens it without you. Every access is recorded, and you can revoke it at any time.
What is in place today
Encrypted before it leaves your device
Documents are encrypted with AES-256-GCM on your device, then uploaded. The encrypted file is all that reaches our servers. Even a full server compromise leaves the files unreadable without the key.
Keys held in hardware
Encryption keys are wrapped in Google Cloud KMS hardware security modules (FIPS 140-2). A decryption key is held in memory only for the moment you open a document and is never stored in plaintext. Every access is recorded in a tamper-evident audit trail.
Data stays in one place
Your financial data is stored on Google Cloud private infrastructure, wherever your family is based. AI analysis runs on Gemini Enterprise Agent Platform under contractual Zero Data Retention. Your data is never stored by the AI provider, and never used to train models.
AI never sees who you are
Before any AI call, a privacy gateway removes names, emails, account numbers, passport numbers, and government IDs. The AI sees the wealth, not the family. "$2.3M in real estate across UAE and India", never "Rohit Gupta, account 4521".
Passwordless sign-in
FIDO2 passkeys via WebAuthn. You sign in with your face or device PIN. There is no password to steal and no SMS code to intercept. The credential lives on your device and cannot be phished.
Isolation enforced by the database
Every database query is filtered by your family ID at the database layer. Even a bug in application code cannot return another family's data. The boundary is enforced below the application.
Controls in production
How AI handles your data
maivis uses AI to generate wealth observations. Here is exactly what happens to your data, step by step.
A passkey or authenticator app verifies your identity before any data is accessed.
Names, emails, phone numbers, account numbers, passport numbers, and government IDs are removed before any AI call. The AI never knows who you are.
Asset values, portfolio holdings, spending amounts, and jurisdictions are sent to AI. This is what powers portfolio analysis, tax context, asset valuation, and spending intelligence.
"$2.3M in real estate across UAE and India", but never "Rohit Gupta, Emirates NBD account 4521." The finances are analyzed. The identity is not.
Each AI call is recorded: provider, data scope, token count, and PII redaction count. This is the trail a DIFC audit needs.
Gemini Enterprise Agent Platform: Zero Data Retention. Claude via Google Cloud Model Garden: covered by Google ZDR; no Anthropic API key is used. Google Search Grounding receives anonymized market queries only, never family-specific data.
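The redact-then-record flow described in the steps above, as an added example that is not maivis's own code: identifiers are replaced with typed placeholders, the call is blocked if anything identifier-like remains, and an audit record with the four fields named above is built. The detector patterns, the digit-run threshold, the function names and the whitespace token count are assumptions made for illustration.

```python
import re

# Illustrative detectors (assumptions for this sketch, not maivis's rule set).
DETECTORS = [
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("PHONE", re.compile(r"\+\d[\d -]{7,14}\d")),
    ("GOV_ID", re.compile(r"\b784-\d{4}-\d{7}-\d\b")),  # Emirates ID layout
    ("PASSPORT", re.compile(r"\b[A-Z]\d{7}\b")),
    ("ACCOUNT", re.compile(
        r"\b(?:account|acct)\.?\s*(?:no\.?|number|#)?\s*\d{4,}\b", re.I)),
]
# Any long digit run left after redaction is treated as an unrecognised
# identifier. Assumes amounts arrive abbreviated or comma-grouped ("$2.3M").
RESIDUE = re.compile(r"\d{6,}")
# Constructed sample prompt; every identifier in it is made up.
SAMPLE = ("Rohit Gupta (rohit.gupta@example.com, +971 50 123 4567), "
          "Emirates ID 784-1985-1234567-1, passport Z1234567, "
          "account 4521: $2.3M in real estate across UAE and India.")


def redact(text, known_names):
    """Replace identifiers with typed placeholders; return (text, count)."""
    count = 0
    # Structured identifiers first, so an email is removed whole before
    # name matching can split it.
    for label, pattern in DETECTORS:
        text, n = pattern.subn(f"[{label}]", text)
        count += n
    # Full names from the family profile, then their individual parts.
    parts = {p for name in known_names for p in name.split()}
    for name in sorted(set(known_names) | parts, key=len, reverse=True):
        text, n = re.subn(rf"\b{re.escape(name)}\b", "[NAME]", text, flags=re.I)
        count += n
    return text, count


def prepare_ai_call(prompt, known_names, provider, data_scope):
    """Redact, fail closed on residue, and build the per-call audit record."""
    safe, count = redact(prompt, known_names)
    if RESIDUE.search(safe):
        raise ValueError("possible unredacted identifier; call blocked")
    audit = {
        "provider": provider,
        "data_scope": data_scope,
        "token_count": len(safe.split()),  # crude proxy for provider tokens
        "pii_redaction_count": count,
    }
    return safe, audit
```

Blocking on leftover digit runs means an identifier format the detectors do not know, such as an IBAN, stops the call instead of passing through unredacted.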
What we do not do
We never sell your family's data to third parties
We never persist unencrypted family financial data to disk or database
We never share your family's data with advertisers
We never access your family's documents without an explicit request
We never ask for your banking credentials, only open banking tokens.
We never send your name, email, account numbers, or government IDs to AI providers
We never let AI providers store or train on your data
Questions about security?
Email us at legal@maiviswealth.com
DUE DILIGENCE PACK
Verify our claims
Every claim on this page is backed by a document you can read for yourself. Read them, share them, ask us anything.