← Back to siteWhat we collect — and what we don't.
Soreva is built around passive, external observation. We never install agents, never touch internal systems, and we publish only what you choose to share.
How assessments work
Assessments are performed from the public internet against domains you own or are authorized to test. We resolve DNS, fetch publicly reachable HTTP responses, inspect TLS certificates, and query public reputation sources. We do not scan for vulnerabilities intrusively, brute-force endpoints, or attempt to authenticate.
What we store
- The domain(s) you've added and ownership verification records.
- Check results and historical posture state, for trending and reporting.
- Account information for the people you authorize to access the workspace.
What we publish
Public Trust Profiles show category-level status only. Specific findings, scores, subdomains, IP addresses, and remediation details are never published. You control whether the profile is live and can unpublish at any time.
Third parties
We use a small number of infrastructure providers for hosting and email. We do not sell data and we do not use customer posture data to train third-party models.
Contact
Privacy questions: info@soreva.tech.