On 20 April 2026, Vercel — the infrastructure provider that hosts gravenos.com — disclosed a security incident in which an unauthorised party may have gained access to certain platform data. We became aware of this matter on 21 April 2026 and have been monitoring the situation closely since.

Vercel is a third-party deployment and hosting platform used by Gravenos to serve the gravenos.com corporate website. According to Vercel's disclosure, the incident may have resulted in limited exposure of data held on their platform. Vercel has stated that they are investigating the full scope of the breach and have taken steps to contain it.

The Gravenos corporate website (gravenos.com) collects limited data: email addresses submitted via the newsletter signup form and contact enquiry submissions. This data is stored in our own Supabase database, which is hosted independently of Vercel and was not part of the reported incident.

However, as Vercel processes web requests to gravenos.com, there is a possibility that server-side logs or request metadata held on their infrastructure could have been among the data accessed. We cannot confirm or exclude this until Vercel completes its investigation.

The Drusus platform (drusus.ai), including all user accounts, subscription data, financial analytics, and payment records processed through Stripe, operates on a separate infrastructure and was not hosted on or routed through the affected Vercel systems in any way that implicates user account data. Stripe processes all payment information directly; Gravenos does not store card details on its servers.

• Monitoring Vercel's ongoing incident disclosure for further details as they become available.
• Reviewing server-side request logs accessible to us for any anomalies in activity around the incident window.
• Assessing whether any mitigation measures on our side are necessary pending the full Vercel report.
• We will publish a follow-up notice on this page if the investigation reveals that any user data was materially affected.

At this stage, we have no evidence that any Gravenos user's personal data has been accessed. However, as a precautionary measure, if you submitted your email address through gravenos.com and use that same address as a login credential on other services, we recommend reviewing the security of those accounts.

If you have questions or concerns regarding this notice, please write to us at legal@gravenos.com. We will respond to all enquiries as promptly as circumstances allow.