How harpin AI protects your customer data
Sharing personal identity information and other first-party and second-party data is an act of trust. We take this seriously, with a dedicated security team and program built around the protection of your data. Our security procedures are designed to detect, evaluate, and resolve any potential security risks quickly.
When we say secure infrastructure, we mean it
Harpin AI uses Amazon Web Services (AWS) for its production platform and uses proven security products within the AWS ecosystem, including Key Management Service (KMS), GuardDuty, and Inspector. We use native services to ensure the security of data at rest and in transit.
Encryption-at-rest
All customer data we collect and store is protected at rest in data stores encrypted with AES-256 keys that are provisioned on a per-customer basis. Even if other controls failed, no third party would be able to access your data.
Encryption-in-transit
All data in transit is protected by modern encryption protocols, including TLS 1.2 and SSHv2. We monitor any potential violations of these configurations in real time via AWS-native and third-party security tools.
Access is limited (because your data deserves VIP treatment)
Least privileged access
Policies, procedures, and automation are in place to ensure that only the appropriate personnel can access customer data based on their role, with validation from select team members. We monitor access patterns and potential violations in real time, and generate alerts if investigation is required.
Eyes on every activity
All AWS access events are monitored and logged, in accordance with best practices and SOC 2 compliance. These logs are read-only to prevent tampering and only accessible by authorized team members.
We employ active threat defense
Using AWS-native and third-party tools, we capture access patterns from employees and services and alert on any activity that doesn’t match our usage baselines. We constantly ingest data from threat feeds to alert on behavior consistent with contemporary tactics, techniques, and procedures. Such events notify the security team and receive immediate investigation. Our incident response process is triggered if anomalous patterns can’t be associated with a known or benign action.
Proudly SOC 2 Certified
Harpin AI is SOC 2 Type 2 certified, and continuously monitors all associated controls to ensure we remain in compliance at all times. All security policies are reviewed annually by our team as well as independent auditors to ensure they reflect our current risk and compliance profiles.
Subprocessors
Data Controller vs Data Processor
We are considered a data processor for data sent to and stored by us. We have a well-defined process for managing requests associated with GDPR, CCPA and other consumer privacy laws and regulations.