Hyperproof AI helps compliance teams work faster by providing decision support only—never making binding decisions on its own. Customer data is used only at the time of request (inference) and is never used to train AI models. All processing occurs inside Hyperproof’s secure Microsoft Azure environment. AI features enforce the same role-based permissions as the rest of Hyperproof, are covered under our SOC 2 Type II and ISO 27001 certifications, and are subject to our standard incident response processes. Customers can opt out of AI entirely at the organization level.
Introduction
At Hyperproof, our mission is to make compliance effortless while protecting the trust our customers place in us. Hyperproof AI brings generative AI and automation into our platform to help teams work faster and smarter—without compromising security, privacy, or oversight.
This policy explains how we design, build, and operate AI features in Hyperproof.
What is Hyperproof AI?
Hyperproof AI is the umbrella name for all AI-powered capabilities within the Hyperproof platform.
It includes embedded assists (like search, summaries, and recommendations) and an AI workspace for conversational interactions.
AI features are marked with a consistent AI icon to make them easy to identify.
Hyperproof AI uses Microsoft AI services within our Azure environment, fully integrated into the same secure and compliant platform that powers the rest of Hyperproof.
How we use customer data with AI
We do not use customer data to train or fine-tune AI models. Instead:
Hyperproof AI uses customer data at the time of request (inference) to provide answers, generate summaries, or automate workflows.
We use a secure vector database where needed. Data retrieved from the vector database is security-trimmed so that each user sees only the data they are authorized to access.
Outputs are generated only from the data a user is already authorized to view.
Microsoft may retain prompts and outputs for up to 30 days solely for abuse monitoring. They are not used for training models.
Customer choice and control
Customers can opt out of all Hyperproof AI features if desired.
At this time, we do not offer per-feature opt-out.
User-visible AI content is identified as such. Material changes require human approval unless covered by an approved automation policy. All AI actions honor permissions.
Hyperproof AI provides decision support. Customers remain responsible for reviewing outputs and ensuring suitability before external use.
Privacy, security, and compliance
Built on Azure: All AI processing happens inside Hyperproof’s Azure environment. Data never leaves our secure cloud boundary. Prompts are processed only within a Microsoft-defined data zone, such as the United States or the European Union.
Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Access Controls: AI features enforce the same role-based access permissions as the rest of Hyperproof.
No training on customer data: Neither Hyperproof nor our subprocessors use your data to train or fine-tune AI models.
Incident response: Any issues with AI outputs are handled through Hyperproof’s standard SOC 2–audited incident response process, with the ability to disable specific features if needed.
Compliance: All AI features are covered under Hyperproof’s existing SOC 2 Type II and ISO 27001 certifications, giving customers assurance that the same security and compliance controls apply.
Responsible use principles
Hyperproof AI is designed with the following principles:
Transparency: We indicate AI assistance for user-visible content and provide context (sources/inputs) where appropriate.
Human in the Loop: AI never acts without explicit user review and approval.
Auditability: AI-assisted actions are captured in the activity feed and attributed to the authorizing user.
Customer Control: You choose whether to use AI in your organization.
Hyperproof communicates significant AI feature changes through release notes and admin notifications.
External partners
Hyperproof AI uses Microsoft AI services within Azure.
Hyperproof AI also uses Snowflake for analytics and reporting, when customers enable these features.
For our public Help Center, we use a third-party chatbot from Intercom. This chatbot has access only to public documentation and no access to customer data.
Where to learn more
Check out our Trust Center for information on Hyperproof’s policies and procedures. For questions, please contact: [email protected]