Security & Trust

Last updated: 2026-05-21

Security is foundational to HAV-IQ. We build for teams that take their Salesforce environments seriously, and we hold ourselves to the same standard. Here's how we think about protecting your data.

Your data stays in your boundary

Salesforce-native

HAV-IQ runs inside your own Salesforce environment. Your metadata, records, and configuration stay within your boundary — we don't warehouse your source of truth in our cloud.

You control your AI

AI features run on credentials you own and control. We never see your AI conversation content.

Encrypted by default

Credentials are encrypted at rest, and all data in transit is protected with modern TLS. No plaintext secrets in logs or output.

Trust principles

AI features are opt-in and off by default — and the platform keeps working with them disabled.
Sensitive actions are logged for audit and accountability.
We follow Salesforce security best practices throughout the platform.
Billing is handled by a PCI-compliant provider; we don't store card data.

Compliance posture

GDPR & CCPA aligned — we honor data subject requests (access, correction, deletion, and data export on request).
SOC 2 Type II — in preparation.
ISO 27001 — on our roadmap.
Salesforce AppExchange Security Review — in progress.

Vulnerability disclosure

If you believe you've found a security issue, please email info@haviq.io. We acknowledge reports promptly, investigate quickly, and credit researchers who disclose responsibly.

Evaluating HAV-IQ for your organization?
We share our detailed security whitepaper and architecture overview with prospective customers under NDA.

Request the security whitepaper