Trust Center
Security you can evaluate before you deploy
HARFT AI maintains a SOC 2 Readiness Program with enterprise-grade security controls, documented policies, and transparent practices for AI automation at scale.
HARFT AI maintains a SOC 2 readiness program and is implementing security controls aligned with SOC 2 Trust Service Criteria. HARFT AI has not yet completed an independent SOC 2 audit.
- MFA Enforcement
- Encrypted Data in Transit
- Encrypted Data at Rest
- Role-Based Access Controls
- Audit Logging
- Vendor Review Process
- Secure Cloud Infrastructure
Security Overview
HARFT AI operates a security-first architecture with documented policies, role-based access, and continuous monitoring across all production systems.
- SOC 2 Readiness Program with mapped controls across Security, Availability, and Confidentiality
- Documented information security, access control, and incident response policies
- Executive ownership of security program with quarterly risk reviews
- Security awareness training for all personnel on hire and annually
Data Protection
Customer data is encrypted, scoped to organization boundaries, and retained according to contract and documented retention schedules.
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption at rest for databases and object storage
- Tenant isolation with organization-scoped data access
- Configurable retention periods per customer contract
- Secure deletion procedures upon contract termination
Infrastructure Security
Production workloads run on enterprise cloud infrastructure with edge protection, network segmentation, and automated health monitoring.
- Azure-hosted production environment with geo-redundant backups
- Cloudflare edge protection, WAF, and DDoS mitigation
- Containerized deployment with health checks and auto-restart
- Automated dependency scanning and patch management
- Infrastructure changes tracked via version control and peer review
AI Security Practices
AI agents are deployed with guardrails, human escalation paths, and strict data handling policies — customer data is never used to train public models.
- No intentional use of customer data to train public AI models
- Prompt versioning, rollback, and guardrail enforcement
- Human-in-the-loop escalation on voice and chat agents
- RAG scoped to customer-approved knowledge bases
- API key isolation and rate limiting on AI provider integrations
Vendor Management
Third-party vendors are assessed, contracted, and monitored with tiered review cycles based on data access and criticality.
- Tiered vendor classification (Critical, Important, Standard)
- Security questionnaires and SOC 2 report review for critical vendors
- Data processing agreements with breach notification requirements
- Annual review of critical vendor security posture
- Provider abstraction to reduce single-vendor dependency
Compliance Roadmap
Building toward independent assurance
HARFT AI is implementing controls aligned with SOC 2 Trust Service Criteria and planning a structured path toward formal audit and additional frameworks.
- Current: SOC 2 Readiness Program. Implementing SOC 2-aligned controls, documenting policies, and collecting audit evidence.
- Planned: SOC 2 Type I. Independent point-in-time assessment of control design by a qualified auditor.
- Future: SOC 2 Type II. Independent assessment of control operating effectiveness over a defined observation period.
- Future: HIPAA Readiness. Enhanced controls and BAA workflows for healthcare clients requiring HIPAA-aligned deployments.
- Future: ISO 27001. Evaluation of ISO 27001 information security management system certification.
Documentation
Security policy library
Internal policies maintained as part of our SOC 2 Readiness Program. Available for review during enterprise security assessments.
Each of the following policies is available upon request for enterprise customers and auditors:
- Information Security Policy
- Access Control Policy
- Incident Response Policy
- Data Retention Policy
- Vendor Management Policy
- Business Continuity Policy
- Acceptable Use Policy
- Privacy Program Overview
Customer-facing legal terms: Privacy Policy, Terms of Service, and Data Processing Addendum.
Enterprise Security
Security-first architecture for regulated industries
HARFT AI implements enterprise-grade security controls including MFA, RBAC, encryption, audit logging, vendor management, and incident response.
- MFA: Multi-factor authentication enforced on all administrative and production access.
- RBAC: Role-based access with organization-scoped tenant isolation.
- Encryption: TLS 1.2+ in transit and AES-256 at rest for databases and storage.
- Audit Logging: Authentication, admin actions, and API access logged and retained.
- Vendor Management: Tiered vendor assessment, DPAs, and annual security reviews.
- Incident Response: Documented procedures with defined severity levels and escalation paths.
FAQ
Customer Security FAQ
Contact Security Team
For security questionnaires, vendor assessments, or compliance inquiries, contact our security team directly.
Privacy inquiries: privacy@harft.ai