Security You Can Trust

goHeather keeps your data safe with enterprise-grade controls, end-to-end encryption, and trusted AI providers.

A Secure Legal Tool Built by Lawyers and Engineers

goHeather is secured by more than 25 layers of protection, from authentication and encryption to monitoring, compliance, and infrastructure safeguards. Every control is designed to work together, giving your firm or business confidence that contracts and client data stay protected at all times.

25+
Enterprise-Grade Security Controls


HOW WE HANDLE YOUR DATA


We work with trusted providers that meet rigorous security and compliance standards. For AI processing, we use OpenAI, Anthropic, and Google AI models.

OUR SECURITY MEASURES


Authentication & Access Control
- Strong JWT-based authentication
- Role and row-level security so users only access their own data
- Secure session management

Data Protection
- TLS 1.3 encryption in transit
- Encrypted storage for data at rest
- All sensitive operations handled server-side
- Minimal collection of personal information

Infrastructure Security
- Built on certified cloud platforms (SOC 2, ISO 27001, HIPAA, PCI DSS)
- DDoS protection and rate limiting
- Isolated environments for added safety

Monitoring & Response
- Real-time error and performance monitoring
- Privacy-compliant session replay
- Audit logging of critical actions

Development Practices
- Code reviews for every change
- Separate dev, staging, and production environments
- Regular vulnerability scanning and updates

Compliance & Privacy
- GDPR-ready with data deletion capabilities
- CCPA compliance features built in
- Data residency options available
- goHeather employees are bound by confidentiality agreements


Data Residency & Infrastructure
Primary Data Hosting:
Our core application and customer data are encrypted at rest and hosted securely in the United States on AWS.

Sub-processors & Third-Party Services: To provide industry-leading features, such as AI inference, analytics, and payment processing, we partner with a select group of industry-leading and universally trusted third-party vendors. While our primary data remains in the US, limited metadata or specific processing tasks may be handled by these providers.

List of Sub-processors: We maintain a transparent list of our current technology partners. Contact us for the full list.

Always Improving
We regularly review, update, and strengthen our security to stay ahead of new risks and give you peace of mind.

No AI Training
goHeather does not train its AI with any customer data (including contracts) and neither do our AI partners. Our AI APIs only keep limited request logs for up to 30 days solely for abuse monitoring.

Accuracy
We regularly benchmark our AI for legal accuracy. While our AI should be treated as a “first pass,” you can rely on goHeather with a human in the loop for industry-leading results.

Security and Privacy

Contracts encrypted with gold-standard protection

Database provider meets bank-grade security

Your documents and data will never be sold

We do not use your data to train our models

Effortless Contracts
Made for Everyone

Make your first pass at any legal agreement faster, easier, and more confident.