Security You Can Trust

HOW WE HANDLE YOUR DATA

We work with trusted providers that meet rigorous security and compliance standards. For AI processing, we use: OpenAI, Anthropic, Google AI models.

OUR SECURITY MEASURES

‍Authentication & Access Control
- Strong JWT-based authentication
- Role and row-level security so users only access their own data
- Secure session management

‍Data Protection
- TLS 1.3 encryption in transit
- Encrypted storage for data at rest
- All sensitive operations handled server-side
- Minimal collection of personal information

‍Infrastructure Security
- Built on certified cloud platforms (SOC 2, ISO 27001, HIPAA, PCI DSS)
- DDoS protection and rate limiting
- Isolated environments for added safety

‍Monitoring & Response
‍- Real-time error and performance monitoring
- Privacy-compliant session replay
- Audit logging of critical actions
‍
‍Development Practices
- Code reviews for every change
- Separate dev, staging, and production environments
- Regular vulnerability scanning and updates

‍Compliance & Privacy
- GDPR-ready with data deletion capabilities
- CCPA compliance features built in
- Data residency options available
- goHeather employees are bound by confidentially agreements

Always Improving
We regularly review, update, and strengthen our security to stay ahead of new risks and give you peace of mind.

No AI Training
goHeather does not train its AI with any customer data (including contracts) and neither do our AI partners. Our AI APIs only keep request logs for up to 30 days solely for abuse monitoring.

Accuracy
We regularly benchmark our AI for legal accuracy. While our AI should be treated as a “first pass,” you can rely on goHeather with a human in the loop for industry leading results.
‍

Security and Privacy

Contracts encrypted with gold-standard protection

Database provider meets bank-grade security

Your documents and data will never be sold

We do not use your data to train our models