The short version
You submit sensitive financial data to get a valuation. We treat it accordingly: encrypted in transit and at rest, never sold or shared, payment details never touch our servers, and deleted on request. Below is exactly how, without badges standing in for specifics.
Encryption
- In transit: all traffic to valueai.pro is encrypted with TLS (HTTPS). There is no unencrypted path to our servers.
- At rest: your data is stored in a managed PostgreSQL database (Neon) with encryption at rest on encrypted infrastructure.
Payments
All payments are processed by Stripe, a PCI-DSS Level 1 certified payment processor. Your card number is entered on Stripe's systems and never touches ValueAI Pro's servers — we store only the transaction reference needed to unlock your report.
Your financial data
- Never sold, never shared. Your submission is used to compute your valuation report — nothing else. No data brokers, no advertisers, no third-party analytics on your financials.
- AI processing: report narrative is drafted using OpenAI's API. Inputs sent for narrative generation are governed by OpenAI's API terms, under which API data is not used to train their models.
- Valuation math is local: every valuation figure is computed by our own deterministic engine on our servers — your numbers are not "sent to an AI" to be calculated.
Advisor accounts
- Advisor portal passwords are hashed with scrypt (a modern, memory-hard algorithm) — we cannot see or recover your password.
- Sessions use signed, httpOnly, secure cookies.
- Client records in an advisor's repository are visible only to that advisor's account (and to ValueAI Pro for support and operations).
Retention & deletion
- Reports and submissions are retained so you can access your report link and, for advisors, your client repository.
- Deletion on request: email support@valueai.pro from the address on the submission and we will delete your submission data and generated report.
Monitoring & operations
- Application errors are monitored with Sentry; error reports are configured to exclude personally identifying information.
- Hosting on Render with managed TLS; database on Neon with automated backups.
What we don't claim
We are a small, independent product and have not yet undergone a SOC 2 audit. Rather than imply certifications we don't hold, this page states specifically what we do. If your firm requires a security questionnaire before use, email steven@valueai.pro — we answer them directly.
Questions about anything here: support@valueai.pro. See also our Privacy Policy and Terms of Service.