Security & Trust

Enterprise-Grade Security

Regulated industries, enterprise procurement teams, and CISOs hold us to a higher standard — and we built Hiretecky to meet it. Here is exactly how we protect your workflows, your customers, and your data.

  • SOC 2 Type II (In Progress)
  • HIPAA BAA Available
  • GDPR & CCPA Compliant
  • Zero Data Training
  • VPC Isolation Available

Security Controls by Plan

Every Hiretecky plan ships with a strong security baseline. Enterprise customers unlock additional isolation and compliance tooling.

All Plans

  • TLS 1.3 in transit
  • AES-256 at rest
  • Audit logs
  • RBAC
  • No data training

Professional & Enterprise

  • Isolated tenant environment
  • GDPR & CCPA DPA
  • HIPAA BAA available
  • SSO (SAML 2.0)
  • Custom data retention

Enterprise Only

  • Single-tenant VPC
  • Private link / VPN peering
  • VSAQ & pentest report
  • Dedicated security review
  • Custom SLA

Nine Security Commitments

SOC 2 Type II (In Progress)

We are undergoing SOC 2 Type II certification covering security, availability, and confidentiality. Audit report available to enterprise customers under NDA upon request.

End-to-End Encryption

All data encrypted in transit (TLS 1.3) and at rest (AES-256). API keys and credentials stored in a hardware-backed secret vault — never in plaintext.

Isolated Tenant Environments

Each customer's agent runs in a dedicated isolated environment. Your data is never co-mingled with another tenant. Single-tenant VPC deployments available for Enterprise plans.

Zero Training on Your Data

Your business data, customer conversations, and proprietary information are never used to train or fine-tune any AI model. Your data is used only to operate your agents.

GDPR, CCPA & HIPAA Ready

We act as a data processor under your instructions. Data Processing Agreements, HIPAA Business Associate Agreements, data residency, and data subject request support available on all plans.

Full Audit Logs & Access Controls

Every agent action is logged with a tamper-evident audit trail. Role-based access controls govern who can configure, view, or override each agent. Export-ready for compliance reviews.

Network Security & VPC Isolation

Agent infrastructure runs inside private VPCs with strict egress filtering. No inbound public internet exposure. Optional private link / VPN peering for enterprise deployments that require it.

Vendor Security Review Support

We provide a completed VSAQ (Vendor Security Assessment Questionnaire), penetration test summary, infrastructure architecture overview, and DPA to enterprise procurement and legal teams on request.

Incident Response SLA

Defined incident classification, response, and notification SLAs for all enterprise customers. P0 incidents receive a 1-hour initial response. Security advisories issued within 24 hours of confirmed events.

Regulated Industries

Built for Healthcare, Finance & Legal

Enterprise AI adoption stalls when security and compliance teams can't get answers. We built Hiretecky with regulated industries in mind from day one — HIPAA Business Associate Agreements, isolated VPC deployments, tamper-evident audit logs, and full vendor security documentation packages that satisfy even the most rigorous procurement processes.

Healthcare

HIPAA BAA + EHR-ready FHIR integrations

Financial Services

SOC 2 controls, data residency, access logs

Legal & Professional

Conflict checks, matter-level isolation, NDA-first


AI Model Transparency

We are transparent about the AI infrastructure powering your agents — because your security team will ask.

Provider | Used For | Data Agreement
Anthropic (Claude) | Complex reasoning, contract review, nuanced communication | Enterprise DPA in place
OpenAI (GPT-4) | Structured data processing, code generation, classification | Enterprise DPA in place
Proprietary Fine-tunes | Domain-specific tasks trained on anonymized industry data | Fully in-house — no third-party model sharing

None of your data is shared with AI providers' general training pipelines. All providers operate under enterprise agreements with data isolation guarantees.

Responsible Disclosure

Discovered a vulnerability? Report it to security@hiretecky.com. We respond within 48 hours and ask for 90 days before public disclosure. All reports are taken seriously.

Enterprise Security Package

Enterprise customers receive a full security documentation package on request: completed VSAQ, penetration test executive summary, infrastructure architecture diagram, DPA, and BAA.
