Security

Security & Privacy

HashQ is built for revenue teams that handle sensitive deal intelligence. Here's how we protect it.

We're an early-stage company actively working toward full SOC 2 Type II certification. The practices described here reflect how we operate today.

Data encryption

  • All data is encrypted in transit using TLS 1.2 or higher.
  • All data is encrypted at rest using AES-256.
  • This covers call transcripts, emails, CRM records, and meeting notes.

Data handling

  • HashQ processes your sales interaction data solely to operate the product.
  • Your data is never sold or shared with third parties.
  • Your data is never used to train AI models.
  • You can export or delete your data at any time.

Access controls

  • Role-based permissions: Admin, Manager, Rep.
  • Each user sees only their connected accounts and shared workspace data.
  • All agent actions are logged and auditable.

Compliance

  • SOC 2 Type II certification in progress.
  • GDPR compliant.
  • Data Processing Agreement (DPA) available on request.

Infrastructure

  • Hosted on AWS.
  • Isolated per-tenant data architecture.
  • Automated daily backups with point-in-time recovery.

Responsible disclosure

  • Found a vulnerability? Email security@hashq.ai.
  • We aim to respond within 48 hours.