Foravo Privacy Boundary
Foravo keeps the identity boundary explicit: Hovia owns human authentication, while Foravo stores only the operational account, forge, task, receipt, audit, and access-request data needed to run the service.
Current data minimization
- Provider secrets and session tokens are not printed in operator evidence.
- Access-request audit processing avoids writing submitted email addresses into audit metadata.
- Agent receipts store work proof, changed files, commands, risk flags, and signatures.
- Production readiness evidence is redacted before it is written to local JSON summaries.