Built with security in mind
Descriva is designed so that your product content stays private, your account stays safe, and your payment data never touches our servers.
Your content stays yours
The product specs you submit are used only to generate your descriptions. We do not share, sell, or train on your content.
Encrypted in transit & at rest
All data is transmitted via TLS 1.3 (HTTPS) and stored encrypted at rest in our database.
Trusted AI providers
We use Anthropic (Claude 4.6) and Groq — both operate under strict data processing agreements. Your content is not used to train their models.
Authentication by Supabase
Login and session management is handled by Supabase Auth — battle-tested, SOC 2 compliant infrastructure.
Payments by Stripe
We never store card numbers. All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider.
Minimal data collection
We collect only what's needed to provide the service. No tracking pixels, no ad networks, no behavioral profiling.
Proof & verification
Trust should be verifiable. Use the links below to validate our claims directly.
Live TLS verification
Validate our HTTPS/TLS configuration using an independent third-party checker.
Run SSL Labs scan →Anthropic's privacy policy
Review how Anthropic handles data sent through their API — including Claude 4.6.
Anthropic Privacy Policy →Supabase security overview
Supabase is SOC 2 Type II certified and handles all authentication and database storage for Descriva.
Supabase Security →Report a vulnerability
If you discover a security issue, please report it responsibly to support@descriva.com. We aim to respond within 48 hours.