For security inquiries or to request restricted documents, email security@hoopai.com.
Certifications and compliance
SOC 2 Type II
Independent third-party audit covering security and availability controls. Report available under NDA.
GDPR
Data processing aligned with GDPR requirements. DPA available on request.
HIPAA ready
Configurable workflows for handling protected health information.
PCI DSS
Payment processing through PCI-compliant providers (Stripe).
CCPA
Supports California Consumer Privacy Act data rights and deletion requests.
AI governance
Documented provider reviews, usage controls, and human oversight for AI features.
Security overview
| Area | Details |
|---|---|
| Encryption at rest | AES-256 |
| Encryption in transit | TLS 1.3 |
| Authentication | SSO (SAML/OIDC), MFA enforcement |
| Access control | Role-based permissions, least-privilege access |
| Monitoring | Centralized logging, alerting, and incident response |
| Backups | Daily, multi-region storage |
| Uptime | 99.98% (rolling 90 days) |
| Vulnerability management | Dependency scanning, annual penetration testing |
Platform security
HoopAI uses defense-in-depth controls across identity, network, workload, and data layers.- Granular workspace permissions and least-privilege access paths
- Continuous vulnerability management with dependency scanning and annual penetration testing
- Multi-region cloud architecture with backups, failover, and workload isolation
- Tamper-evident audit logs for admin, agent, and integration activity
AI trust and governance
AI features are governed with vendor review, prompt controls, and human oversight.- Provider due diligence with scoped access controls and approved usage patterns
- Prompt and output review for high-impact customer-facing workflows
- Internal policy for employee AI usage and customer data handling
- Feature-specific documentation for AI assistants, summaries, and agents
Privacy and legal
- Privacy policy, DPA, and subprocessors list available for customer review
- Deletion and export workflows for workspace administrators
- Vendor reviews and contractual obligations for all subprocessors
- Regional guidance for sensitive communication workflows
Operational resilience
- Documented incident response ownership, escalation paths, and customer notification workflows
- Status monitoring, alert routing, and recovery procedures for core services
- Daily backups with tested restore paths for critical systems
- Third-party dependency tracking across communications, AI, and payment providers
Core infrastructure providers
AWS
Cloud hosting and storage
Google Cloud
AI and supporting services
Cloudflare
Edge security and CDN
Stripe
Payment processing
Twilio
Communications infrastructure
OpenAI
AI model provider
Available trust documents
| Document | Access | Last updated |
|---|---|---|
| Security Overview | Public | March 2026 |
| SOC 2 Type II Report | Under NDA | February 2026 |
| Penetration Test Attestation | On request | January 2026 |
| AI Governance Overview | Public | March 2026 |
| Subprocessors List | Public | March 2026 |
| DPA and Privacy Addendum | Public | February 2026 |
| Business Continuity Summary | On request | December 2025 |
| Security Questionnaire Packet | On request | March 2026 |
Frequently asked questions
How do I request restricted documents?
How do I request restricted documents?
Email security@hoopai.com with your company name and the specific materials you need. We route requests to the security team and share materials under NDA when needed.
Do you support SSO and MFA?
Do you support SSO and MFA?
Yes. HoopAI supports SAML- and OIDC-based SSO integrations and provides MFA enforcement options for workspace access.
How is customer data protected?
How is customer data protected?
Customer data is encrypted in transit with TLS 1.3 and at rest with AES-256. Access to production data is limited through role-based permissions and logged administrative workflows.
Which cloud providers do you use?
Which cloud providers do you use?
HoopAI uses AWS, Google Cloud, and Cloudflare for hosting, storage, AI infrastructure, and edge security. The full subprocessor list is available on request.
How can I request data deletion or privacy support?
How can I request data deletion or privacy support?
Submit privacy and deletion requests to security@hoopai.com. We coordinate with internal owners and confirm next steps for your workspace.
How do you govern AI features?
How do you govern AI features?
We scope AI feature usage, review provider access, document approved usage patterns, and monitor higher-impact workflows where AI is involved in customer-facing activity.
Recent updates
March 6, 2026 — Trust Center refresh
Updated trust review package covering AI governance, communications infrastructure, and vendor oversight. Includes refreshed security overview and streamlined questionnaire packet.
February 14, 2026 — Questionnaire packet updated
Expanded answers for retention controls, subprocessors, access review workflows, and AI-enabled product features.