For Practices
Get Free Access

Your data stays yours

Snovai is designed so that your instance data never leaves your control. Here is exactly how it works.

Credentials

AES-256 encrypted, stored locally

Instance access

Read-only service account

AI engine

Anthropic Claude API

Data transmitted

Only what you ask about

How Snovai connects to your instance

TLS 1.2+ - AES-256 encrypted Zero data retention · not used for training REST Table API - read-only service account Live data - transient - never persisted Conversation text only No instance data Chrome Extension ServiceNow sidebar Cloud Run Snovai backend · us-west1 Anthropic Claude Zero data retention ServiceNow Your instance · read-only Supabase Account & chat · AWS us-west-2 Instance data never written to any database · Read-only access only · AI layer retains nothing after response

How it actually works

Does Snovai store my ServiceNow data?

No. Snovai does not persist any data from your ServiceNow instance. When you ask a question, the relevant data is fetched in real time, sent to the AI to generate a response, and discarded. Nothing is stored in our database. Your session history is stored in Supabase tied to your user ID, but that contains only your conversation text, not raw instance data.

Who can see my instance credentials?

Your ServiceNow instance URL, username, and password are encrypted with AES-256 and stored in your browser using Chrome local storage, scoped to your Snovai user ID. They are never sent to our servers in plain text and never stored in our database. Queries are made directly from our backend to your instance using credentials decrypted only at call time.

What does the read-only service account actually mean?

It means Snovai can read data from your instance but cannot create, update, or delete anything. We recommend creating a dedicated service account with read-only access and scoping it only to the tables and modules you want Snovai to query. This gives you full control over what Snovai can see. Setup instructions are on the setup guide page.

Does Anthropic train on my data?

No. We use the Anthropic Claude API with zero data retention enabled. Anthropic does not use API inputs or outputs to train their models. Your instance data and conversations are not used for any model training. Zero data retention means Anthropic does not store your prompts or responses on their servers after the API call completes. You can verify this directly on the Anthropic trust and safety page, linked below.

Anthropic maintains SOC 2 Type 2, ISO 27001, ISO 42001, and CSA Star certifications for the Claude API. These certifications cover security, availability, confidentiality, and AI management systems. You can verify all certifications directly at trust.anthropic.com.

What data does Snovai actually transmit?

When you send a message, Snovai sends three things to our backend: your message text, the current page context from ServiceNow if available, and a query constructed from your intent. Our backend calls the Anthropic Claude API with that payload and returns the response. We do not log your instance data, we do not store query results, and we do not share anything with third parties.

Where is my conversation history stored?

Your chat history is stored in Supabase, tied to your user ID with row-level security. It contains only your conversation text. No raw ServiceNow instance data, no query results, and no field values are stored in your conversation history. You can delete individual chats or your entire history at any time from within Snovai.

Regulated Industry Environments

Snovai has been evaluated for use in healthcare and financial services environments where data handling requirements are strict. The architecture is designed to minimize data exposure: credentials stay in the browser, and instance data is not persisted after each request.

For healthcare organizations: Snovai connects via a read-only service account scoped to your platform team's tables. It cannot access, modify, or export patient records or PHI outside the permissions you configure.

For regulated enterprise pilots requiring formal compliance validation, BAA agreements for HIPAA-covered environments, or security review walkthroughs, contact hello@snovai.io.

Snovai is a read-only advisor. Every suggested change goes through your normal development and change management controls. Full details on the Accuracy and Limitations page.

Three things your security team can verify right now

No trust required. Open your browser and check.

Open your browser DevTools and watch the network tab while Snovai runs. You will see requests to our Google Cloud Run backend and from there to your ServiceNow instance. No calls to any third-party data store.

Open Chrome DevTools, go to Application, then Local Storage. You will find encrypted credential blobs scoped to your user ID. No plain text credentials. No instance data at rest.

Open your ServiceNow instance and inspect the snovai.readonly service account. Read access only. No write roles. No admin roles. Scope it however you need to.

Your credentials never leave your browser. Your instance data never touches our database. Every query is live, every result is real.
We are not asking you to trust us on data security. We are asking you to trust Anthropic, and point your security team at our architecture so they can see for themselves.

Snovai is built on Anthropic Claude, one of the most trusted AI systems in the world. We do not ask you to take our word for it.

View Anthropic Trust and Safety

Questions? Email us at support@snovai.io