SOVHELM Founder command system

Trust center

Security and privacy principles

SOVHELM is being designed for founders who manage sensitive operating records across multiple ventures, partners, investors, and teams.

01

Workspace isolation

Each organization should operate in a dedicated tenant with separate users, ventures, permissions, and records.

02

Role-based access

Founder, partner, manager, team, and investor views should expose only the records needed for that role.

03

Audit-ready records

Important changes, owner updates, decisions, comments, and attachments should remain traceable over time.

04

Private deployment direction

Hosted workspaces come first, with a private deployment path for organizations requiring stronger infrastructure control.

Product Security Direction

SOVHELM’s security model is built around the realities of multi-venture operations: different ventures, legal entities, partners, managers, investors, and team members need different visibility. The product direction prioritizes scoped access, separated workspaces, and accountable operating records.

Access Control

SOVHELM is designed to support role-based permissions for founders, partners, managers, team members, and investors. Venture-level separation is a core principle so users only see the businesses, entities, projects, obligations, and records they are allowed to see.

Auditability

Audit logs are intended to help teams understand important changes across ventures, compliance obligations, risks, decisions, comments, mentions, notifications, and attachments. Auditability is especially important for founder accountability and investor trust.

Data Protection

Production infrastructure should use HTTPS, hardened deployment headers, controlled access to operational systems, monitored logs, and appropriate backup and recovery practices. Any customer data processing should be documented before launch.

AI and Private Workflows

Future AI-assisted capabilities should be designed to monitor private workspace signals, not public internet activity. Controls should make clear which workspace data is used, what the AI assistant can surface, and who can view resulting signals.

Responsible Disclosure

If you believe you have found a security issue, please contact hello@sovhelm.com with enough detail for review. Please do not access, modify, delete, or disclose data that does not belong to you.