AI Platform Security | GDPR, SOC 2, Zero-Knowledge Architecture

Security is built into our foundation

When you're ready to scale your business with AI agents, security can't be an afterthought. We built Autohive with enterprise-grade security from day one, ensuring your sensitive business data remains protected while you use the power of AI collaboration.

Compliance and certifications

GDPR & CCPA

We are compliant with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We provide tools and processes to help you meet your data obligations. You can view our GDPR policy here.

SOC2

Autohive is in the process of achieving SOC 2 Type II attestation, with platform controls designed to meet the AICPA’s trust services criteria for security, availability, and confidentiality. While our attestation is in progress, we rely on AWS infrastructure, which is already SOC 2 certified—giving you the assurance that your data is hosted on a platform that meets some of the most rigorous security standards in the industry.

CASA certified by Google

Autohive is CASA certified under Google’s Cloud Application Security Assessment framework. This certification recognises our commitment to meeting strong security and data protection standards. It validates that Autohive has undergone an independent assessment and meets Google’s requirements for handling data securely in the cloud.

HIPAA compliant

Autohive is configured for HIPAA compliance, including electronically protected health information (e-PHI). We are willing to sign a BAA with your organisation in order to use our products and services. The best next step when looking for a HIPAA compliant solution is to reach out to us and discuss exactly what you require in order to maintain compliance.

Data governance and privacy

Your data is never used for AI training

We maintain strict data isolation. Your proprietary information, customer data, and business intelligence will never be used to train any third-party AI models. Your competitive advantage stays yours.

Data portability and deletion

Your data is retained securely for a limited time, after which it is scheduled for automatic deletion. While we do not currently support manual deletion or export, we are designing systems with future support for data lifecycle controls and portability in mind.

Data sovereignty

We have designed Autohive with regional data storage front of mind. We will soon be rolling this out to users as needed.

Application and data security

Encryption and data isolation

We use strong encryption standards to protect your data—TLS 1.2+ in transit and AES-256 at rest. Sensitive fields are encrypted at the column level, and data is isolated by workspace, meaning information in one workspace cannot be decrypted or accessed by another.

We can’t see your data

Our zero-knowledge architecture is designed to keep your raw business data private, even from us. This includes chats, data from third-party integrations, and files uploaded to your content area. Autohive administrators do not have access to this information.

Application-level role permissions

Autohive includes in-app role-based permissions. You can control who in your workspace can view, edit, or interact with specific agents and data. These roles help align access with team responsibilities while keeping infrastructure and backend systems completely separate.

Infrastructure and operations

Regular security audits and penetration testing

We engage independent security firms to perform regular penetration tests and vulnerability assessments to continuously strengthen our defenses.

24/7 monitoring and incident response

Our security team monitors platform activity around the clock using advanced threat detection. In the event of an incident, our response team activates immediately to protect your data and maintain transparency.

Secure integrations

Connect Autohive to your existing tools through secure, authenticated APIs. We use industry-standard protocols such as OAuth 2.0 to ensure third-party integrations meet the same high security standards as our core platform. Autohive has completed platform-specific certifications and is CASA Tier 2 certified, a requirement from Google Cloud.

Your questions, answered

What happens to the information and files I upload in my Content area?

Anything you add to the Content area stays private to your workspace. Only workspace members and the agents you've given access can view it.

Can AI agents see what's in my Content area?

Yes, but only when you ask them to help. When you give an agent a task, it reads just the content it needs to complete it.

Are the files in the Content area of my workspace shared with AI providers?

Yes, agents can access Content area files, but only when you grant them permission.
When you authorize an agent to use files from your Content area, any relevant files are sent securely via API to the LLMs you’ve selected—just like when you connect directly to a paid LLM API.

Will that data be used to train any LLM models?

No. Autohive does not use model providers known to train on customer data. We work with trusted providers that follow responsible logging and retention practices, typically caching data for up to 24 hours and keeping logs for 30 to 60 days to support reliability and troubleshooting.

Ready to experience secure AI collaboration?

Your data protection concerns shouldn't hold back your business growth. Contact our team to discuss your specific requirements and see how Autohive can meet your organization's security standards.