Security
Built for the most sensitive work
Ravical keeps your client data safe with enterprise-grade security, complete transparency, and AI that works under your control.
Enterprise-Grade Protection
Security designed for professional firms who handle sensitive client information every day.
No model training on your data
Ravical contractually guarantees that your data stays yours. We don't use inputs, outputs, or uploaded documents to train underlying models. Every query is handled with real-time retrieval, not embedded in model weights.
EU-based hosting
All AI processing occurs within EU data centres under robust data protection agreements. Your client information stays under EU and UK guidance, with clear data sovereignty and minimal data persistence.
Isolated client contexts
Each client's data exists in a separate context. Tasks run in complete isolation, so information cannot leak between clients, engagements, or advisers. Professional confidentiality is built into the architecture.
Human oversight by default
AI-generated drafts and suggestions are never sent directly to clients without human approval. The adviser always reviews, edits, or rejects before anything leaves the firm.
Scoped access controls
Ravical inherits your existing user permissions. The agent cannot escalate privileges or reach information the user cannot access. Remove a user and access is revoked immediately.
Independently audited
Our security controls are validated through independent third-party audits and penetration testing. ISO/IEC 27001:2022 certified with no non-conformities.
Security
Compliant with industry standards
Ravical is designed from day one with enterprise-grade data protection, privacy, and compliance at its core. We are ISO/IEC 27001:2022 certified and fully GDPR compliant.
Our security controls are built to meet the highest international standards, and we continue to refine and validate our safeguards to exceed the expectations of our customers and partners. You can find our official certificates, audit summaries, and the latest updates on our security page.
Ready for regulatory scrutiny
Our clients operate under overlapping regulatory regimes. Ravical is engineered to meet strict European expectations around risk classification, documentation, logging, transparency, and human oversight. No matter where your firm is based, deployments stand up to audit review.
We have assessed our agents against the EU AI Act's risk categories. Their role is to support tasks such as email drafting and client service, always under human oversight. They do not make autonomous decisions and fall under Limited Risk classification—subject only to transparency and human-in-the-loop requirements.
We maintain detailed audit logs of agent activities, including prompts, outputs, and accessed sources. Every draft and knowledge lookup is recorded to provide a complete and traceable record. Logs are secure, tamper-evident, and available for client review.
Contain
Keep data where it belongs
Data containment is the foundation. We prioritise data sovereignty with EU-based hosting, zero retention policies with LLM providers, and clear data protection agreements. Privacy is engineered into every path data can take—from triage agents that filter content to full GDPR documentation and safeguards.
EU data centres only
Zero retention policy with LLM providers
Triage agents filter unnecessary processing
Complete GDPR documentation
ConStrain
Control what AI can access and do
Confidentiality boundaries are absolute. The agent only works with content the current user can access—no lateral browsing across colleagues' mailboxes or documents. Custom triggers and knowledge sources are ring-fenced. External content is treated as untrusted by default.
Isolated client contexts
Inherit existing user permissions
Ring-fenced firm knowledge
Untrusted input handling
Explain
Transparency in every output
Human review comes before anything leaves the building. Every AI-generated draft requires approval. Sources are clearly listed with click-through references. The AI can explain its reasoning on demand—like asking a colleague why they phrased something a certain way.
Draft approval workflows
Draft approval workflows
On-demand explanations
Complete audit trails
Security is Fundamental to Everything We Do
Ravical is designed from day one with enterprise-grade data protection, privacy, and compliance at its core. We are ISO/IEC 27001:2022 certified and fully GDPR compliant. Our security controls are built to meet the highest international standards, and we continue to refine and validate our safeguards to exceed the expectations of our customers and partners.
