TRUST
Built for the trust advice requires.
Where your data lives, who can read it, and what we ask AI models to do with it. Plain English, all on one page.
Data storage.
PostgreSQL 16 on DigitalOcean Managed Postgres in the Sydney region. Encrypted at rest. Daily snapshots retained per DO's managed backup policy.
Sessions.
Cookie-based sessions signed with itsdangerous via Starlette's SessionMiddleware. Passwords hashed with bcrypt. No third-party auth provider, no SSO sprawl, no session tokens in third-party hands.
Audit logging.
Every adviser action — record edit, document generation, fact-find change — is logged with adviser ID, timestamp, and IP. Reviewable inside the app.
Where it runs.
DigitalOcean Sydney region. App on a hardened droplet behind Caddy 2 (TLS, HSTS, security headers). Object storage in DigitalOcean Spaces, also Sydney region.
AI and your data.
Vesper sends prompts to Anthropic via the Claude API. We do not train models on your data. Anthropic does not retain prompts beyond their stated retention window. See Anthropic's privacy policy for the contractual detail.