Security

Security-first architecture for AI automation

HARFT AI implements SOC 2-aligned security controls across identity, infrastructure, data protection, and AI operations — built for businesses that cannot afford compliance failures.

HARFT AI maintains a SOC 2 readiness program and is implementing security controls aligned with SOC 2 Trust Service Criteria. HARFT AI has not yet completed an independent SOC 2 audit.

Principles

Security principles

Every HARFT deployment is governed by documented policies and operational controls designed for enterprise evaluation.

Least Privilege Access

Access is granted based on job function, enforced via RBAC and MFA. Privileged accounts are reviewed quarterly and deprovisioned within 24 hours of role changes.

Zero Trust Philosophy

No implicit trust based on network location. Every request is authenticated, authorized, and logged — whether from internal tools or customer-facing APIs.

Data Minimization

Only data necessary for service delivery is collected. Retention schedules are documented, configurable per contract, and enforced with secure deletion.

Secure Development Lifecycle

Code review, dependency scanning, input validation, and secrets isolation are standard practice. Infrastructure and application changes are version-controlled.

Vendor Risk Management

Critical vendors are subject to security assessment, contractual DPA requirements, and annual review. Provider abstraction reduces lock-in on critical paths.

Controls

Implemented security controls

Core controls currently in place as part of our SOC 2 Readiness Program.

  • MFA Enforcement
  • Encrypted Data in Transit
  • Encrypted Data at Rest
  • Role-Based Access Controls
  • Audit Logging
  • Vendor Review Process
  • Secure Cloud Infrastructure

Infrastructure

Infrastructure stack

Enterprise-grade providers with tiered vendor assessment, contractual data protection, and continuous monitoring.

Microsoft Entra ID

Identity & Access

Primary identity provider for corporate and administrative access with MFA enforcement and conditional access policies.

Azure

Cloud Infrastructure

Production hosting, PostgreSQL databases, object storage, and geo-redundant backups with network segmentation.

Cloudflare

Edge Security

CDN, DNS, WAF, and DDoS protection at the network edge with TLS termination and traffic analytics.

OpenAI API

AI Inference

LLM inference for AI agents with API-level data processing terms. Customer data is not used for public model training.

Telnyx

Telephony

Voice telephony infrastructure for AI receptionist services with encrypted call routing and session management.

Stripe

Payments

PCI-compliant payment processing for billing. HARFT AI does not store raw payment card data.

Roadmap

Compliance roadmap

A structured path from readiness to independent assurance.

  1. Current

    SOC 2 Readiness Program

    Implementing SOC 2-aligned controls, documenting policies, and collecting audit evidence.

  2. Planned

    SOC 2 Type I

    Independent point-in-time assessment of control design by a qualified auditor.

  3. Future

    SOC 2 Type II

    Independent assessment of control operating effectiveness over a defined observation period.

  4. Future

    HIPAA Readiness

    Enhanced controls and BAA workflows for healthcare clients requiring HIPAA-aligned deployments.

  5. Future

    ISO 27001

    Evaluation of ISO 27001 information security management system certification.

Enterprise Security

Security-first architecture for regulated industries

HARFT AI implements enterprise-grade security controls including MFA, RBAC, encryption, audit logging, vendor management, and incident response.

MFA

Multi-factor authentication enforced on all administrative and production access.

RBAC

Role-based access with organization-scoped tenant isolation.

Encryption

TLS 1.2+ in transit and AES-256 at rest for databases and storage.

Audit Logging

Authentication, admin actions, and API access logged and retained.

Vendor Management

Tiered vendor assessment, DPAs, and annual security reviews.

Incident Response

Documented procedures with defined severity levels and escalation paths.

Security inquiries

For security questionnaires, architecture reviews, or compliance documentation requests.

security@harft.ai
