Security.Operational.

May 21, 2026.

Security is not a separate promise tacked onto the end of the product. It shapes how we design assessments, deploy MyAgent workspaces, handle customer conversations, and connect business systems.

Natyv AI and MyAgent are operated by Natyv Ventures LLC.

• Encryption in transit using modern HTTPS/TLS for web traffic.
• Encryption at rest where supported by our database, hosting, storage, and infrastructure providers.
• Workspace isolation patterns, including row-level access controls where applicable.
• Limited retention of data according to business, legal, support, and service delivery needs.
• Separation between customer data and system-level operational data wherever practical.

Access is limited to people and systems that need it to operate, support, secure, or improve the service. Operators may review conversation or assessment data for quality assurance, escalation handling, or support, but broad internal access is not the operating model.

• Least-privilege access for administrative tools and production systems.
• Authentication and role-based access for internal and customer-facing systems.
• Secrets and credentials stored outside public source code.
• Access reviews and offboarding processes for tools that hold customer or business data.

AI systems can make mistakes, so customer-facing workflows should include clear instructions, bounded authority, escalation paths, and human review for higher-risk actions. MyAgent templates are designed to capture useful context and route work without pretending that automation removes all judgment.

• Call and intake templates define what the agent should ask, capture, avoid, and escalate.
• High-impact or ambiguous requests should be reviewed by a human before action.
• Conversation data is not sold or used to train models for other customers.

Natyv AI relies on trusted providers for hosting, database, AI models, communications, telephony, SMS, calendar, payment, analytics, CRM, and support workflows. We choose vendors based on capability, reliability, and security posture, then limit access to the data needed for the service.

When customers connect third-party accounts, those providers' own terms and security practices also apply.

• Operational logging for reliability, troubleshooting, and security investigation.
• Monitoring for unexpected errors, abuse patterns, and service disruptions.
• Incident triage and customer communication when an issue materially affects customer data or service availability.
• Backups or platform recovery practices where supported by our infrastructure providers.

• Use strong passwords and protect account access.
• Connect only phone numbers, calendars, CRMs, websites, and third-party accounts you are authorized to manage.
• Keep business policies, prices, hours, service areas, and escalation rules accurate.
• Review AI outputs and agent actions before relying on them for important business decisions.
• Tell us quickly if you suspect unauthorized access or a security issue.

Please report suspected vulnerabilities or security concerns to [email protected]. Include the affected URL, a clear description, reproduction steps, and any relevant screenshots or logs.

For privacy requests, use Privacy. For service rules, use Terms.