Trust Center

Trusted AI infrastructure
for enterprise deployments

Security, compliance and data governance built for organizations that need control, transparency and auditability across every AI workflow.

Compliance

DUVO’s current certifications and compliance progress.

SOC 2 Type II Certified

GDPR Compliant

ISO 27001 (in progress)

Controls

Independently validated controls demonstrating DUVO’s commitment to secure, compliant and transparent AI operations.

Infrastructure Security

Organizational Security

Product Security

Internal Security Procedures

Data & Privacy

Incident Response Alerts

Organization reviews alerts on a periodic basis from various monitoring sources and critical alerts are addressed in accordance with the incident response plan.

Incident Response Plan

The organization's incident response plan follows the NIST Computer Security Incident Response guidance, which must be followed in the event of a security incident.

Encryption Controls

Industry standard encryption at rest and in transit is enforced across the service and its platform architecture.

Encryption Management

Encryption keys are managed via managed services.

Endpoint Encryption

Organization enforces encryption on all its endpoint systems.

Platform Availability Monitoring

The organization has implemented platform monitoring to maintain the availability of its service in accordance with its service level agreements with user entities.

Platform Availability Alerts

Alerts from the platform monitoring service are reviewed and addressed in accordance with the organization's engineering operating procedures.

Platform Availability Architecture

Organization has implemented redundant architecture for its service managed through its cloud service providers.

Role-based Access

The service enforces access controls to prevent unauthorized access, including role-based access, network protections, and access control lists (as applicable).

Access Review

Access to critical systems and resources that are used to deliver the service to user entities is reviewed for appropriateness annually.

Application Authentication

Service requires authentication for all its user entities via unique ID and passwords.

Multi-factor Authentication

Organization enforces multi-factor authentication on access to critical systems and resources.

Architecture Diagram

Organization has established an architecture and data flow diagram of its services that is delivered to its user entities.

Vulnerability Management

The organization scans its platform and external systems for vulnerabilities and addresses findings per its vulnerability management policy.

Subprocessors

List of vendors engaged by DUVO, with clarity on their roles and any data they may process.

Database/Backups

E2B

Secure environment for running AI-generated code in isolated, sandboxed cloud containers.

Database/Backups

Supabase

Managed backend platform providing Postgres, authentication, storage and real-time APIs used for stable application infrastructure.

Tooling/Automation

Composio

API layer enabling controlled integration between DUVO’s AI agents and third-party applications, with secure action execution.

Communication and collaboration

Slack

Used as a secure channel for DUVO’s customer support workflows and automated AI-driven assistance.

Development and Version Control

GitHub

Slack is a cloud-based team communication platform.

Frontend Cloud Platform

Vercel

Cloud platform designed to build, preview, and deploy dynamic web applications.

Foundational AI

Anthropic

Provider of large language models used for AI-driven applications and services.

Platform/Foundational AI

GCP

Platform and infrastructure hosting services including computing, storage, and AI capabilities.

Resources

Documentation that validates DUVO’s security controls, compliance standards and protective measures.

Privacy Policy

The privacy policy explains what data DUVO collects, how it is used, how it is protected and what rights customers have regarding their information.

Zero Data Retention Certificate, Anthropic

DUVO uses Anthropic models in a certified Zero Data Retention (ZDR) mode. Under this agreement between taskcrew Inc. (dba DUVO) and Anthropic Ireland Limited, prompts and outputs are not stored or used to train models, except where limited retention is legally required or needed to prevent abuse. This certificate is fully executed and available on request.

AI Liability & Cyber Insurance

DUVO (taskcrew Inc.) is covered by a Cyber and Technology Errors & Omissions policy with an Artificial Intelligence Liability sublimit, including coverage for AI-caused losses, AI-assisted professional services, algorithmic bias and discrimination claims, IP infringement, and AI-related regulatory investigations.

SOC2 Type 2 Report

The SOC 2 Type 2 report evaluates DUVO’s security, availability and confidentiality controls over a defined period, confirming how these controls operate in practice.

Frequently asked questions

Clear answers to the key questions companies ask when evaluating DUVO’s AI agents.

Further questions?

Reach out. Marek will be happy to help.

marek@duvo.ai

What happens to our sensitive data?

Duvo does not train any LLMs, neither our own nor third-party models, and never uses customer data for model training. All LLM calls run in Zero Data Retention mode, meaning prompts and outputs are not stored or used for model training. Data is only processed transiently for the duration of the request.

Can we bring our own AI endpoint?

Yes. With Duvo AI Gateway, you can plug in your own AI endpoints and run digital workers on your existing cloud setup. We support single-tenant and bring-your-own endpoints on Azure, AWS and Google Cloud out of the box. If you prefer, Duvo can also provision and manage dedicated endpoints for you with your preferred cloud provider (Azure, AWS or GCP), while keeping governance, audit and access control in one place.

Can you get EU or US data residency?

Yes. Duvo supports region-specific hosting and model routing. You can constrain LLM providers, compute regions, and browser sandboxes to EU-only or US-only infrastructure depending on your regulatory and internal requirements.

How do you ensure confidential data is not exposed within one team?

Agents inherit only the security scope and access level of the user or role that initiates the task. They cannot access systems or data outside that role’s permissions. Tenant isolation is enforced at the application and data layers, and agents do not share data, credentials, or state across users or departments. All sensitive actions can also require human approval.

How is data cached, logged, and versioned during agent execution?

Duvo minimizes data retention and applies strict lifecycle controls. Execution data is stored only as required for auditability and troubleshooting. Logs capture metadata about agent actions and outcomes, but we avoid retaining unnecessary content. All data at rest is encrypted using AES-256 and all communication uses TLS 1.2+ in transit. Agent configurations, run histories, and version changes are tracked with full audit trails. Duvo does not use customer production data in development or staging environments, and the Enterprise Browser runs in isolated, ephemeral sandboxes that do not persist local storage or cross-task state.

Stop waiting.
Start automating.

Join leading retailers already transforming their operations with DUVO.
Get your personalized automation roadmap in 15 minutes.

End-to-end automation for modern retail.

End-to-end encryption

SOC 2 Type II Compliant

ISO 27001 (coming soon)

Copyright © 2025. All rights reserved.

taskcrew Inc.

1111B S Governors Ave STE 28731 Dover, DE, 19904 US

Delaware C Corporation
