Security & Trust
You're trusting us with your workflows, your customers, and your data. Here is exactly how we protect all of it.
Our Security Commitments
SOC 2 Type II (In Progress)
We are currently undergoing SOC 2 Type II certification. Our controls cover security, availability, and confidentiality. Audit report available to enterprise customers under NDA upon request.
End-to-End Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys and credentials are stored in a hardware-backed secret vault, never in plaintext.
Isolated Tenant Environments
Each customer's agent runs in a dedicated isolated environment. Your data is never co-mingled with another customer's data. We support single-tenant deployments for Enterprise plans.
No Training on Your Data
Your business data, customer conversations, and proprietary information are never used to train or fine-tune public AI models. Your data is used solely to operate your agent.
GDPR & CCPA Compliant
We act as a data processor under your instructions. We maintain Data Processing Agreements, support data subject requests, and can configure data residency for EU and California requirements.
Access Controls & Audit Logs
All agent actions are logged with full audit trails. You can review every action your agent took, when, and on what data. Role-based access controls limit who on your team can configure each agent.
Which AI Models We Use
We are transparent about the AI infrastructure powering your agents.
| Provider | Used For | Data Agreement |
|---|---|---|
| Anthropic (Claude) | Complex reasoning, contract review, nuanced communication | Enterprise DPA in place |
| OpenAI (GPT-4) | Structured data processing, code generation, classification | Enterprise DPA in place |
| Proprietary Fine-tunes | Domain-specific tasks trained on anonymized industry data | Fully in-house — no third-party model sharing |
None of your data is shared with AI providers' general training pipelines. All providers operate under enterprise agreements with data isolation guarantees.
Responsible Disclosure
If you discover a security vulnerability in our platform, please report it to security@hiretecky.com. We ask that you give us 90 days to address the issue before public disclosure. We take all reports seriously and respond within 48 hours.
Enterprise customers can request our full security documentation, penetration test reports, and infrastructure architecture overview by contacting their account manager.