Security & privacy at HAIP
We store voice recordings, guest PII, and full conversation history for paying clients. Multi-tenancy and encryption have to be airtight from day one — here is exactly how we do it.
India-first
AWS Mumbai (ap-south-1) by default. No US/EU spillover for Indian tenants.
DPDP-ready
Consent · residency · deletion · audit log · sub-processor disclosure.
Per-tenant KMS
Your recordings encrypted with a key only your tenant can use.
How we protect your data
Six pillars · production from day one
Encryption everywhere
- AES-256 at rest on S3, RDS, and ElastiCache.
- TLS 1.3 in transit between app, workers, database, and storage.
- Per-tenant KMS data keys — tenant A's key cannot decrypt tenant B's recordings.
- Secrets in AWS Secrets Manager — never in env files or code.
Multi-tenant isolation
- Every row carries `tenant_id` — compound primary keys where appropriate.
- Postgres Row-Level Security (RLS) enforced at the database — application code is never the only line of defence.
- Weekly automated cross-tenant regression test simulates a breach attempt.
- Per-tenant data keys mean a leak of one tenant's files reveals nothing about another's.
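One way to build the database-enforced isolation described in the list above, as an added illustration that is not HAIP's own schema or code: it assumes a hypothetical `bookings` table, a hypothetical `haip_app` database role, and an `app.tenant_id` session setting that the application sets on every request.

```sql
-- Constructed example: every row carries tenant_id and the compound primary
-- key puts tenant_id first, so no row exists outside a tenant.
CREATE TABLE bookings (
    tenant_id  uuid NOT NULL,
    booking_id uuid NOT NULL,
    guest_name text NOT NULL,
    PRIMARY KEY (tenant_id, booking_id)
);

-- The application must connect as a role that does NOT own the table:
-- table owners and superusers bypass RLS unless FORCE is set.
CREATE ROLE haip_app NOLOGIN;   -- hypothetical role name
GRANT SELECT, INSERT, UPDATE, DELETE ON bookings TO haip_app;

ALTER TABLE bookings ENABLE ROW LEVEL SECURITY;
ALTER TABLE bookings FORCE ROW LEVEL SECURITY;   -- applies to the owner too

-- Tenant context is a per-request session setting. current_setting(..., true)
-- returns NULL when the setting was never defined, and NULLIF turns the empty
-- string (a reset setting) into NULL as well, so a missing context matches
-- zero rows rather than raising an error or matching every row.
CREATE POLICY tenant_isolation ON bookings
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Per-request usage: SET LOCAL scopes the tenant id to this transaction, so a
-- pooled connection cannot carry one tenant's context into the next request.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';  -- tenant A (constructed id)
SELECT booking_id, guest_name FROM bookings;   -- only tenant A's rows are visible
COMMIT;

-- The kind of cross-tenant regression check the list above mentions: under
-- tenant A's context, asking for tenant B's rows by id must return a count of 0,
-- and an INSERT with tenant B's id must fail the WITH CHECK clause.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';
SELECT count(*) FROM bookings
 WHERE tenant_id = '22222222-2222-2222-2222-222222222222'::uuid;   -- expected: 0
COMMIT;
```

Because the policy lives in the database, an application bug that forgets a `WHERE tenant_id = ...` clause still returns only the caller's tenant, which is what makes RLS a second line of defence rather than the only one.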
Access & identity
- 11 built-in roles: Owner · Manager · Reservations · Concierge · FOH · Marketing · Compliance · QA · Coach · Read-only.
- Attribute-based scoping — Concierge for Villa A only sees Villa A.
- SSO via Google + Microsoft on every tier. SAML / SCIM on Enterprise (WorkOS).
- MFA mandatory for Owner and Compliance roles. Session: 15-min JWT + 30-day refresh.
Audit & observability
- Append-only, hash-chained audit log — 5-year retention.
- Every score, override, export, login, role change is captured with actor + timestamp.
- Per-tenant audit export to S3 or your bucket.
- Sentry + Grafana for real-time error and performance monitoring.
DPDP & PII handling
- PII redaction at L1 — card / Aadhaar / PAN / phone / email tokenised before transcripts reach the LLM.
- Recording consent prompt captured in the IVR greeting; consent events logged in HAIP's consent log.
- Delete-on-request flow — guest record + linked rows + recordings purged within 30 days.
- Sub-processor list public — DPAs signed with Anthropic, Deepgram, AWS, and your IVR provider.
Data residency
- India tenants live in AWS Mumbai (ap-south-1) by default — primary data, recordings, and backups.
- EU customer data isolated to eu-central-1 on Enterprise tier.
- BYOK (bring your own KMS key) and dedicated VPC on Enterprise.
- We never replicate Indian tenant data to non-Indian regions without explicit consent.
Sub-processor registry
Every third party that touches your data
Public list. Data Processing Agreements (DPAs) signed with each. We will notify you in advance of any new sub-processor we onboard.
Compliance status
Where we are, and where we're going
We don't claim certifications we don't hold. Here is the honest status as of May 2026.
- DPDP Act 2023 (India): Ready · Consent capture, residency, deletion workflows
- SOC 2 Type I: In progress · 2026 Q4 · Audit kick-off scheduled
- ISO 27001: Planned · 2027 · Post SOC 2
- GDPR: Aligned · EU-tenant data residency on Enterprise
- Annual pen test: From Year 2 · Third-party tester contracted
Reporting a vulnerability
Found something? Please email security@haip.app with details. We acknowledge within 1 working day and aim to triage within 3. We don't pursue legal action against good-faith research.
- Acknowledgement: < 1 day
- Triage: < 3 days
- High-severity fix: < 14 days
Need our security pack for a vendor review?
We're happy to share our architecture diagram, threat model, DPA, sub-processor registry, and pen-test plan with your compliance team — typically over a 30-minute call.
