Skip to main content
Data privacy is foundational. The architecture of the platform — three foundation layers, tenant isolation, on-premise deployment — exists in part to give you clean lines of custody over what is yours.

Data ownership

Clear boundaries govern what belongs to whom.
  • Your raw data. Any data you provide — CRM records, transactions, outcomes — remains your exclusive property. Avra acts as a data processor on your behalf.
  • Your Relational Foundation Model. The RFM trained on your data is exclusive to your workspace. Its weights are never shared with or used to serve other customers.
  • The Graph Foundation Model. The GFM is pre-trained on public and licensed data sources, not on customer data. Avra continuously improves the GFM’s architecture and training methodology through research — those improvements benefit all customers, the same way a language model improves across versions without incorporating any user’s data.
This is outlined in the Master Service Agreement.

Data isolation

Raw data and Relational Foundation Models are never shared across customers.

The Relational Foundation Model is yours alone

The Graph Foundation Model provides general understanding of the relational economy. Your Relational Foundation Model is pre-trained on your relational schema and temporal business data, and is exclusive to your organization.We maintain strict logical separation — your data, your RFM weights, and your downstream predictions are never accessible to other customers.
We achieve this through:
  • Tenant isolation — each customer’s data and models are logically siloed within Avra’s infrastructure
  • Access controls — strict Role-Based Access Control (RBAC) and automated controls prevent any cross-customer access
  • Audit trail — every access to customer data is logged and reviewable

On-premise deployment

For customers with regulatory, sovereignty, or sensitivity constraints, the Relational Foundation Model can be deployed inside your own environment. In that configuration:
  • Raw data never leaves your perimeter
  • RFM training and serving run on your infrastructure
  • The Graph Foundation Model continues to provide the broader economic context as a managed service
Contact your Avra representative to scope on-premise deployment.

Regulatory compliance

Avra maintains compliance with data protection regulations including LGPD, GDPR, and other applicable frameworks. Our compliance program includes:
  • Data Processing Agreements (DPAs) — contracts include DPAs outlining our roles and responsibilities as a data processor
  • Data subject rights — processes to support your obligations for access, correction, and deletion requests
  • Data Protection Officer (DPO) — a designated DPO oversees Avra’s data protection strategy and practices
  • Data mapping and inventory — a comprehensive record of what data we process, its purpose, and its retention

Data retention and deletion

We retain your data only as long as necessary to provide our services or as required by law. When a partnership ends, we follow a secure data deletion process to permanently remove your proprietary data from our systems, as outlined in the service agreement. For questions about our privacy practices, contact legal@avra.ai.