How harpin AI protects your customer data

Sharing personal identity information and other first-party and second-party data is an act of trust. We take this seriously, with a dedicated security team and program built around the protection of your data. Our security procedures are designed to detect, evaluate, and resolve any potential security risks quickly.

When we say secure infrastructure, we mean it

Harpin AI uses Amazon Web Services (AWS) for its production platform and uses proven security products within the AWS ecosystem, including Key Management Service (KMS), GuardDuty, and Inspector. We use native services to ensure the security of data at rest and in transit.

Encryption-at-rest

All customer data we collect and store is protected at rest in stores encrypted with AES-256 keys that are provisioned on a per-customer basis. Even if other controls failed, no third party would be able to access your data.

Encryption-in-transit

All data in transit is protected by modern encryption protocols, including TLS 1.2 and SSHv2. We monitor any potential violations of these configurations in real time via AWS-native and third-party security tools.

Access is limited (because your data deserves VIP treatment)

Least privileged access

Policies, procedures, and automation are in place to ensure that only the appropriate personnel can access customer data based on their role, with validation from select team members. We monitor access patterns and potential violations in real time, and generate alerts if investigation is required.

Eyes on every activity

All AWS access events are monitored and logged, in accordance with best practices and SOC 2 compliance. These logs are read-only to prevent tampering and only accessible by authorized team members.

We employ active threat defense

Using AWS-native and third-party tools, we capture access patterns from employees and services and generate alerts on any activity that doesn’t match our usage baselines. We constantly ingest data from threat feeds to alert on behavior consistent with contemporary tactics, techniques, and procedures. Such events notify the security team and are investigated immediately. Our incident response process is triggered if anomalous patterns can’t be associated with a known or benign action.

Proudly SOC 2 Certified

Harpin AI is SOC 2 Type 2 certified, and continuously monitors all associated controls to ensure we remain in compliance at all times. All security policies are reviewed annually by our team as well as independent auditors to ensure they reflect our current risk and compliance profiles.

Subprocessors

Amazon Web Services

Services provided: Hosting and infrastructure for product services
Location: United States

Tray.io

Services provided: Data connectors to customer systems of record
Location: United States

Slack

Services provided: Internal company communication
Location: United States

Google

Services provided: Internal company communication
Location: United States

SumoLogic

Services provided: Log aggregation and monitoring
Location: United States

Squadcast

Services provided: Incident management and alerting services
Location: United States

Atlassian

Services provided: Project management and documentation
Location: United States

iMerit

Services provided: Data labeling for training models
Location: United States

Data Controller vs Data Processor

We are considered a data processor for data sent to and stored by us. We have a well-defined process for managing requests associated with GDPR, CCPA and other consumer privacy laws and regulations.

Don’t hesitate to reach out

Your security concerns are our priority

Contact us at security@harpin.ai. Let’s work together in creating a secure future.