Humata Data Security
Security
Everything that matters.
Safe and sound.
We take the security and privacy of our customers' files seriously. Our privacy and security program is informed by industry standards like SOC 2, ISO 27001, and GDPR. You can rely on our enterprise-grade security to enable insights for your entire team.
Secured at rest, secured in flight
We use “privacy by design” frameworks to protect all customer data.
Encrypted at rest
We use top-of-class SHA 256-bit encryption to lock all files in our system. This secure layer means only you can view your data.
Encrypted in transit
Our TLS 1.3 protocol provides security between our servers and your browser. We serve HTTPS over signed Cloudflare and Google Cloud connections.
SSO / SAML authentication
We will soon offer single sign-on integration, so your team doesn't need to make new credentials. You will soon be able to use Google, which keeps you in control of all your credentials.
Least privilege procedures
We give our tech teams limited access when they make changes. We empower admins with the least privilege they need, and only during the job.
SOC-2 compliance
Our SOC-2 compliance certification is nearly complete. We've passed our own tests and are just waiting for Vanta to issue our final certificate.
Easy team management
Use our web app to give access in a snap. You can spin up a teammate in seconds. Onboarding takes less than a minute.
Pristine process control
We built our business to be auditable from every angle. Our compliance program includes ...
Access Control
Acceptable Use Policy
Access Control Policy
Asset Management Policy
Corporate Information Security Policy
Data Protection Policy
Encryption Policy
Information Security Policy
Password Policy
Physical Security Policy
System Access Control Policy
Privacy Management
Data Classification Policy
Data Deletion Policy
Data Subject Request Policy
HIPAA Privacy Policy
Governance and Risk
Code of Conduct
Employee Handbook
HIPAA Privacy Procedure
HIPAA Security Policy
HIPAA Security Procedure
Standards of Business for the US Government Marketplace
Vendor Management Policy & Procedure
Risk Assessment Policy
Software Development Life Cycle Policy
Vulnerability Management Policy
Incident Recovery
Breach Notification Policy & Procedure
Business Continuity Plan
Disaster Recovery Plan
Incident Response Plan
FAQs
Get deep detail on our security and privacy practices. Can't find the answer you're looking for? Please chat to our friendly team.
Is Humata SOC-2 Compliant?
Almost! We've successfully completed the SOC-2 compliance program and are eagerly awaiting the certificate, which we anticipate receiving in the second quarter of 2024. For real-time updates on our progress, please check our SOC-2 compliance status here.
Will Humata train AI Models on my data?
No, Humata is committed to ensuring the privacy and security of user data. We do not use any of the data provided by our users to train our AI models. All the information you input into Humata is kept strictly confidential and is not used for any purposes other than to provide the services you request. We employ robust security measures to protect your data from unauthorized access, alteration, disclosure, or destruction.
Does Humata Integrate with My OAuth Identity Provider?
Yes, we're in the process of implementing Single Sign-On (SSO) using Security Assertion Markup Language (SAML) to enhance both security and user experience. Furthermore, we have plans to seamlessly integrate Multi-Factor Authentication (MFA) and other OAuth identity providers to ensure a secure and streamlined user authentication process.
Can I Access Humata's Last Security Audit Report?
While we highly value transparency and security, we cannot publicly share detailed information from our security audits due to confidentiality and security concerns. Rest assured, we diligently follow industry best practices and standards, regularly conducting security audits and penetration tests carried out by reputable third-party firms like Kobalt.io. If you have specific inquiries or concerns, please reach out to our security team directly at support@humata.ai.
What Encryption Technology Safeguards Humata's Files?
All customer data is safeguarded using end-to-end encryption at rest with AES-256 and during transit via TLS. Additionally, sensitive information such as access tokens and keys undergoes encryption at the application level before storage in our database.
Which Cloud Storage Services Does Humata Utilize?
Humata relies on secure cloud storage solutions, including Amazon Web Services (AWS), Google Cloud Platform (GCP), and Supabase, for data storage and machine learning applications. Our commitment to security and compliance extends to ensuring that all our vendors adhere to SOC-2 compliance standards. We also advocate for good data hygiene practices to enhance security.
What Is Humata's Data Retention Policy?
At Humata, the security and data privacy of our customers are paramount. Our robust security program is built on Privacy by Design principles and complies with industry standards across various domains. Regarding data retention, document data used for our model training is not retained beyond 30 days. Data in your Humata dashboard is retained and accessible until you request otherwise.
How Are Payments Processed Securely by Humata?
Humata employs Stripe as our trusted payment processor. We do not retain personal credit card information for any of our customers. It's worth noting that Stripe holds the highest level of certification in the payments industry, being a certified PCI Service Provider Level 1. This ensures the utmost security in payment processing.