Humata Data Security


Everything that matters.
Safe and sound.

We take the security and privacy of our customers' files seriously. Our privacy and security program is informed by industry standards like SOC 2, ISO 27001, and GDPR. You can rely on our enterprise-grade security to enable insights for your entire team.




Secured at rest, secured in flight

We use “privacy by design” frameworks to protect all customer data.

Encrypted at rest

We use top-of-class SHA 256-bit encryption to lock all files in our system. This secure layer means only you can view your data.

Encrypted in transit

Our TLS 1.3 protocol provides security between our servers and your browser. We serve HTTPS over signed Cloudflare and Google Cloud connections.

SSO / SAML authentication

We will soon offer single sign-on integration, so your team doesn't need to make new credentials. You will soon be able to use Google, which keeps you in control of all your credentials.

Least privilege procedures

We give our tech teams limited access when they make changes. We empower admins with the least privilege they need, and only during the job.

SOC-2 compliance

We are SOC-2 Type II compliant, underscoring our commitment to superior security practices and operational effectiveness.

Easy team management

Use our web app to give access in a snap. You can spin up a teammate in seconds. Onboarding takes less than a minute.

Pristine process control

We built our business to be auditable from every angle. Our compliance program includes ...

Access Control

  • Acceptable Use Policy

  • Access Control Policy

  • Asset Management Policy

  • Corporate Information Security Policy

  • Data Protection Policy

  • Encryption Policy

  • Information Security Policy

  • Password Policy

  • Physical Security Policy

  • System Access Control Policy

Privacy Management

  • Data Classification Policy

  • Data Deletion Policy

  • Data Subject Request Policy

  • HIPAA Privacy Policy

Governance and Risk

  • Code of Conduct

  • Employee Handbook

  • HIPAA Privacy Procedure

  • HIPAA Security Policy

  • HIPAA Security Procedure

  • Standards of Business for the US Government Marketplace

  • Vendor Management Policy & Procedure

  • Risk Assessment Policy

  • Software Development Life Cycle Policy

  • Vulnerability Management Policy

Incident Recovery

  • Breach Notification Policy & Procedure

  • Business Continuity Plan

  • Disaster Recovery Plan

  • Incident Response Plan



Get deep detail on our security and privacy practices. Can't find the answer you're looking for? Please chat to our friendly team.

Yes! We are SOC 2 Type II compliant, underscoring our commitment to superior security practices and operational effectiveness. This certification reflects our dedication to maintaining the highest standards of security and reliability. For more information, please check our SOC-2 compliance status here.

No, Humata is committed to ensuring the privacy and security of user data. We do not use any of the data provided by our users to train our AI models. All the information you input into Humata is kept strictly confidential and is not used for any purposes other than to provide the services you request. We employ robust security measures to protect your data from unauthorized access, alteration, disclosure, or destruction.

Yes, we're in the process of implementing Single Sign-On (SSO) using Security Assertion Markup Language (SAML) to enhance both security and user experience. Furthermore, we have plans to seamlessly integrate Multi-Factor Authentication (MFA) and other OAuth identity providers to ensure a secure and streamlined user authentication process.

While we highly value transparency and security, we cannot publicly share detailed information from our security audits due to confidentiality and security concerns. Rest assured, we diligently follow industry best practices and standards, regularly conducting security audits and penetration tests carried out by reputable third-party firms like If you have specific inquiries or concerns, please reach out to our security team directly at

All customer data is safeguarded using end-to-end encryption at rest with AES-256 and during transit via TLS. Additionally, sensitive information such as access tokens and keys is encrypted at the application level before storage in our database.

Humata relies on secure cloud storage solutions, including Amazon Web Services (AWS), Google Cloud Platform (GCP), and Supabase, for data storage and machine learning applications. Our commitment to security and compliance extends to ensuring that all our vendors adhere to SOC-2 compliance standards. We also advocate for good data hygiene practices to enhance security.

At Humata, the security and data privacy of our customers are paramount. Our robust security program is built on Privacy by Design principles and complies with industry standards across various domains. Regarding data retention, document data used for our model is not retained beyond 30 days. Data in your Humata dashboard is retained and accessible until you request otherwise.

Humata employs Stripe as our trusted payment processor. We do not retain personal credit card information for any of our customers. It's worth noting that Stripe holds the highest level of certification in the payments industry, being a certified PCI Service Provider Level 1. This ensures the utmost security in payment processing.
