Built for procurement.
Multi-tenant from row zero. AES-256 credential encryption. Hash-chained audit log. Row-Level Security on every tenant table. SOC 2 Type 1 audit in progress, certification expected November 2026. Hand us your security questionnaire — we'll respond in 48 hours with file references.
> The 30-second answer
Six facts. Each verifiable in the code.
Multi-tenant from row zero.
Every table carries workspace_id plus a Row-Level Security policy. No cross-tenant data access path exists.
→ supabase/migrations/001_mavrick_schema.sql
Credentials encrypted at rest.
Supabase Vault master key plus pgcrypto AES-256 envelope. A stolen database dump yields ciphertext only.
→ 001_mavrick_schema.sql:88-154
Tamper-evident audit log.
Hash-chained append-only ledger of every action Mavrick takes. Forensic proof, not a PDF report.
→ 007_audit_log.sql · scripts/verify_hash_chains.py
Slack data: minimum surface.
We store only conversations where a user @mentioned or DM'd Mavrick. Never ambient channel content. No batch ingestion on install.
→ CLAUDE.md rules #11 + #12
SOC 2 Type 1 audit in progress.
Certification expected November 2026. Trust artifacts (security.txt, /trust, /security) live today. Hash-chained log, Vault encryption, RLS — auditor controls in place from row zero.
→ docs/SOC2_TIMELINE.md
48-hour questionnaire response.
Send us your security questionnaire. We'll respond in 48 hours with file references for each item.
→ enterprise@getmavrick.com
> Procurement questions
Concrete answers. File references. No marketing.
Every claim below maps to a file path or system reference in the production codebase. Verified against current production by our backend team on 2026-05-27.
How do you isolate one customer's data from another?
Every database row carries a workspace_id. Every read is gated by a Row-Level Security policy that calls is_workspace_member(workspace_id, auth.uid()). There is no path to read across tenants — not from the API, not from the dashboard, not from background jobs.
EVIDENCE → supabase/migrations/001_mavrick_schema.sql + every subsequent migration carries RLS. Engineering rule CLAUDE.md #1: every new table has workspace_id + RLS, or it doesn't ship.
How do you store OAuth tokens, API keys, and vendor credentials?
Supabase Vault master key plus pgcrypto column-level AES-256 envelope. Tokens written via encrypt_credential() RPC, read via decrypt_credential() RPC. Versioned envelope {v, ct, alg} ready for key rotation. Master key lives in vault.secrets — never in code, never in env.
EVIDENCE → 001_mavrick_schema.sql:88-154 + docs/VAULT_PATTERN.md. A stolen database dump yields ciphertext only; decryption requires Vault.
Can you prove what Mavrick did on our data?
Yes. Append-only audit_log table (migration 007, SOC 2 CC6.7 and CASA V7 controls). Every action Mavrick takes — every tool call, every credential read, every outbound message — writes a row. Insert-only RLS prevents update or delete. The /audit dashboard surfaces the entries; chain-verification script walks the integrity proof.
EVIDENCE → supabase/migrations/007_audit_log.sql + scripts/verify_hash_chains.py. Most SaaS ships PDF SOC 2 reports; we ship the live mathematical proof.
Are you SOC 2 compliant?
SOC 2 Type 1 audit is in progress. Certification expected November 2026. Trust-page evidence (security.txt, /trust, /security) is live today. Sub-processor list available on request. Hash-chained audit log, Vault encryption, and RLS — the controls auditors evaluate — are in place from row zero, not retrofitted.
EVIDENCE → getmavrick.com/security.txt, getmavrick.com/trust, getmavrick.com/security, docs/SOC2_TIMELINE.md
Does Mavrick read everything in our Slack?
No. Mavrick only reads Slack channel content when (a) a user @mentioned or DM'd Mavrick directly, or (b) Mavrick is mid-task and the user explicitly asked for history. No cron job scans channels. No batch ingestion. No "read everything on install." Mavrick writes to the messages table only when it was a direct party to the message. Ambient channel content where Mavrick wasn't addressed is never persisted.
EVIDENCE → CLAUDE.md rules #11 + #12. The "invited teammate" model — Mavrick stores only what a real invited coworker would store.
How does the voice piece work?
LiveKit Agents 1.5 cascade pipeline: Deepgram Nova-3 for speech-to-text, Gemini 2.5 Flash for the LLM, Cartesia for text-to-speech, Silero VAD plus Krisp BVCTelephony for noise reduction. Warm-worker provisioning keeps first-turn latency sub-2s on real PSTN calls. Session-level forensic capture on every turn surfaces exact plugin errors when silent failures occur.
EVIDENCE → modal_agent/voice/agents/worker.py + modal_agent/voice/livekit_client.py (499 LOC), dispatch.py (1,102 LOC). Each pipeline layer is auditable, replaceable, regional-deployable.
How do you handle 50+ third-party integrations?
A managed connector layer aggregates ~3,000 SaaS OAuth flows behind one interface. One refresh codepath, one credential schema, one revocation path. Each integration becomes a Vault-encrypted credential row scoped to a workspace_id. Revocation cascades automatically.
EVIDENCE → utils/tool_gateway.py:2951-2975 + utils/workspace_credentials.py. "Add HubSpot" is configuration, not engineering — procurement reviews one OAuth path, not fifty.
How do you defend webhook endpoints against forgery?
Slack: HMAC signature re-verified at Modal edge per request, 5-minute replay window enforced (modal_app.py:406-460). Modal endpoint (Vercel→Modal): X-Mavrick-Webhook-Secret constant-time comparison, no fallback path. Slack idempotency: Upstash Redis SET NX keyed on event.event_id, 300-second TTL. Duplicate events return 200 immediately, never fire twice.
EVIDENCE → modal_app.py + CLAUDE.md rule #4
What's your incident response posture?
Anomaly watcher cron runs every 15 minutes (cron_workers/anomaly_watcher.py), alerts via Telegram and Pushover. Catastrophic-handler in the agent loop posts a graceful user-facing message and alerts ops on every failure mode. Voice outage and voice regression bisect runbooks documented. The hash-chained audit log is the forensic trail for any incident — what happened, in order, signed.
EVIDENCE → docs/INCIDENT_NOTIFICATION_PROTOCOL_v1.md, docs/voice_outage.md, docs/voice_regression_bisect.md
How do we export our data? How do we delete it?
Export: /settings/privacy page has a one-click data export endpoint that bundles workspace data as a ZIP. Deletion: GDPR purge SLA — workspace deletion request triggers a cascade across all workspace_id-scoped tables, completed within 30 days with hash-chained audit confirmation. Trust Suite test B11 enforces the SLA.
EVIDENCE → app/api/workspace/data-export/route.ts, app/settings/privacy/page.tsx, tests/trust_suite/test_b11_gdpr_purge_sla.py
Why "multi-tenant from row zero" matters.
The audit log, the encryption envelope, the RLS policies, the Slack participation rule — these are architectural floors, not features added because someone asked. Retrofitted multi-tenancy is the most common source of cross-tenant data leakage in B2B SaaS. Mavrick's first migration set workspace_id + RLS as the foundation. Every subsequent migration inherits that floor.
EVIDENCE → supabase/migrations/ — entire migration history is RLS-enforced. CLAUDE.md rule #1 is the engineering rule book.
Who are your sub-processors?
Fourteen named vendors handle distinct slices of the stack: OpenAI, Anthropic, Google (Gemini), Deepgram, Cartesia, LiveKit, the managed connector layer, Supabase, Vercel, Modal, Upstash, Sentry, Stripe, Telegram. Sub-processor DPA available on request. 30-day advance notice on additions.
EVIDENCE → Full list (with vendor names) and DPA template available at enterprise@getmavrick.com — also see /trust for the live sub-processor table.
> Honest limitations
Two things we don't claim. Yet.
Most enterprise pages hide what they're missing. We feature it. If either of these is a hard requirement for your team, we'll tell you the timeline honestly.
Team-level RBAC is minimal.
Slack workspace membership IS the source of truth for who can use Mavrick. We don't re-implement Slack's permission model. If your security policy requires app-level RBAC granularity — e.g. “only this team can use the meta_ads handler” — we don't have it shipped today.
Roadmap item. Tell us your specific need and we'll share the planned shape.
Data residency: US-only today.
Modal and Supabase deployments are US-region. If your compliance posture requires GDPR data residency in the EU, that's roadmapped — not shipped.
If you need EU residency, ask us. We'll be honest about timeline.
> Sub-processors
Every vendor we touch your data through.
Fourteen sub-processors handle distinct slices of the stack. Full sub-processor names live on the /trust page. DPA available on request. 30-day advance notice on additions.
OpenAI
LLM
Anthropic
LLM
Google Gemini
LLM
Deepgram
Speech-to-text
Cartesia
Text-to-speech
LiveKit
Voice infrastructure
Managed connector layer
OAuth aggregation
Supabase
Database + auth
Vercel
Web hosting
Modal
Agent runtime
Upstash
Redis cache
Sentry
Error monitoring
Stripe
Billing
Telegram
Ops alerts
Full DPA template, sub-processor change log, and security architecture details available on request. Send a note to enterprise@getmavrick.com.
> Trust resources
Documents your team needs.
Trust page
Live trust posture, sub-processor list, current security architecture overview.
View trust page →
Security disclosure
Vulnerability disclosure policy and contact paths.
View security page →
security.txt
RFC 9116 standard security contact file.
View security.txt →
DPA template
Data Processing Agreement available to qualified enterprise prospects.
Request DPA →
SOC 2 timeline
Audit status, certification target (November 2026), and control mappings.
Request timeline →
Security questionnaire
Send us yours. 48-hour response with file references.
Send questionnaire →
> Next step
Send us your security questionnaire.
We'll respond in 48 hours with file references for every item. Or schedule a call with our enterprise team to walk through any of these answers in detail. No sales theater. Just engineering.
enterprise@getmavrick.com · 48-hour SLA · file references for every claim