Hyperproof AI Product Policy

Status: V1.1
Last Updated: 30 April 2026

Executive Summary

Hyperproof AI helps compliance teams work faster by providing decision support only—never making binding decisions on its own. Customer data is used only at the time of request (inference), and Hyperproof does not use such data to train AI models.

All processing occurs inside Hyperproof’s Microsoft Azure environment. AI features enforce the same role-based permissions as the rest of Hyperproof and are covered under our SOC 2 Type II and GDPR certifications. They are also subject to our standard incident response processes.

Customers can opt out of AI entirely at the organization level.

Introduction

At Hyperproof, our mission is to make compliance effortless while protecting the trust our customers place in us. Hyperproof AI brings generative AI and automation into our platform to help teams work faster and smarter.

This policy explains how we design, build, and operate AI features in Hyperproof.

What is Hyperproof AI?

Hyperproof AI is the umbrella name for all AI-powered capabilities within the Hyperproof platform.

  • It includes embedded assists (such as search, summaries, and recommendations) and an AI workspace for conversational interactions.
  • AI features are marked with a consistent AI icon to make them easy to identify.
  • Hyperproof AI uses Microsoft AI services within our Azure environment, fully integrated into the same platform that powers the rest of Hyperproof.

How We Use Customer Data with AI

We do not use customer data to train or fine-tune AI models. Instead:

  • Hyperproof AI uses customer data at the time of request (inference) to provide answers, generate summaries, or automate workflows.
  • We use a vector database where needed. Data retrieved from the vector database is security-trimmed, so outputs are generated only from data the requesting user is already authorized to view.
  • Microsoft may retain prompts and outputs for up to 30 days solely for abuse monitoring.
  • Hyperproof does not permit Microsoft to use prompts or outputs for training models.

For purposes of this policy, “customer data” refers to data submitted to or stored in the Hyperproof platform by or on behalf of a customer. Customer data does not include aggregated or de-identified data, product usage data, system logs, or support interactions, which may be used to operate, secure, and improve the Services.

Customer Choice and Control

  • Customers can opt out of all Hyperproof AI features if desired.
  • At this time, we do not offer per-feature opt-out.
  • User-visible AI content is identified as such. Material changes require human approval unless covered by an approved automation policy.
  • All AI actions honor permissions.
  • Hyperproof AI provides decision support. Customers remain responsible for reviewing outputs and ensuring suitability before external use.

Privacy, Security, and Compliance

  • Built on Azure: All AI processing happens inside Hyperproof’s Azure environment. Prompts are processed within a Microsoft-defined data zone, such as the United States or the European Union.
  • Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Access Controls: AI features enforce the same role-based access controls as the rest of Hyperproof.
  • No training on customer data: Hyperproof does not use customer data to train or fine-tune AI models and does not permit subprocessors to do so.
  • Incident response: Any issues with AI outputs are handled through Hyperproof’s SOC 2–audited incident response process, with the ability to disable specific features if needed.
  • Compliance: All AI features are covered under Hyperproof’s SOC 2 Type II and GDPR certifications, ensuring consistent security and compliance controls.

Responsible Use Principles

Hyperproof AI is designed with the following principles:

  1. Transparency – AI assistance is clearly indicated, and context (such as sources or inputs) is provided where appropriate.
  2. Human in the Loop – AI does not act without explicit user review and approval.
  3. Auditability – AI-assisted actions are captured in the activity feed and attributed to the authorizing user.
  4. Customer Control – Organizations choose whether to enable AI.

Hyperproof communicates significant AI feature changes through release notes and admin notifications.

External Partners

  • Hyperproof AI uses Microsoft AI services within Azure.
  • Hyperproof AI uses Snowflake for analytics and reporting when customers enable these features.
  • For the public Help Center, Hyperproof uses a third-party chatbot from Intercom, which only accesses public documentation and has no access to customer data.

This AI Policy is part of Hyperproof’s external customer materials and will later be incorporated into the Trust Center.

For questions, contact: [email protected]