Sovara is decision-support infrastructure, not a decision-maker. AI enhances your expertise; it does not replace professional judgment. The guarantees below are architectural, not policy.

• →Recommendations, not decisions: AI generates structured proposals. You review, verify, and execute.
• →Source attribution: Outputs trace directly to the knowledge sources that informed them — verified provenance, not approximate matching.
• →Domain-grounded knowledge: Intelligence drawn from structured, verified sources — programmes, fees, eligibility criteria, and tax regimes extracted and maintained as queryable data, not unstructured text.
• →Professional verification expected: AI outputs are starting points for your analysis, not final answers.

Sovara is built for advisory firms managing sensitive client information. Data protection is architectural, not bolted on.

• →User-level data isolation: Data is strictly separated at the database level through row-level security policies, not application logic. Each user can only access their own data. Advisors see only their assigned clients.
• →No cross-user data sharing: Query patterns, client scenarios, and advisory outputs are never shared across users or used to improve service for other customers.
• →No model training on your data: AI providers process data via API only, in-memory. Under API terms of service, your data is not used for model training.
• →Advisor-controlled input: The system is designed to produce valuable output without requiring personal client information. Advisors control what data they include.

Advisory firms operate under regulatory scrutiny. Sovara is designed with this reality in mind.

• →No autonomous decisions: AI generates recommendations. Humans review, verify, and execute.
• →Traceable reasoning: Every recommendation carries stated assumptions, identified sources, and a complete execution record you can audit.
• →Graceful under uncertainty:When analysis encounters incomplete information, the system reports what it knows and what it doesn't — rather than presenting partial results as confident. No silent failures.
• →Audit capability: Audit logging across key interactions and outputs for compliance review.
• →Swiss-based: Headquartered in Switzerland, with data sovereignty and privacy as foundational principles.

We say what is in place, what is designed for, and what is planned - without conflating them.

• →Designed for GDPR and Swiss FADP: The architecture - data minimisation, user-level isolation, audit logging, right-to-deletion support - is built to meet GDPR and Swiss Federal Act on Data Protection requirements.
• →SOC 2: Work is planned. We are not certified and do not claim to be. When that changes, we will say so here with the report date.
• →Data residency: Operations are Swiss-based. Primary data infrastructure is in Europe.
• →Data processing agreements: Available on request for firms requiring formal DPAs aligned with their regulatory obligations.