Security at Huegoo.
What we do today, what's in progress, and what data leaves your team's control.
At a glance.
- GDPR: compliant data handling architecture
- Customer data used to train models: never
- Encryption: at rest and in transit
- Hosting: cloud-hosted by default; customer-cloud deployment available on enterprise plans
- Sub-processors: list maintained, current
How Huegoo handles your data.
Data ingestion and storage.
- Data is uploaded directly by the user. No auto-ingestion at v1.
- Files are stored encrypted at rest.
- Tenant isolation: each customer's data lives in a separately scoped storage tier.
- Retention: data is retained for the life of the contract plus 30 days, after which it is permanently deleted.
Model usage and inference.
- Customer data is sent to the model provider only during the active generation pass.
- Customer data is not used to train any model. This is contractually committed.
The verification architecture.
- Three verification loops run during every deck generation: input validation, retrieval against your source data, and pre-output checks.
- Claims that cannot be traced back to your uploaded source data are flagged in the draft and surfaced to you for resolution before any slide is built.
- Every claim in every output deck carries a citation pointing to the file, sheet, and cell range that produced it.
Access control.
- Authentication: SSO supported on enterprise plans (SAML, OIDC).
- Role-based access control: viewer, editor, admin roles per workspace.
- Audit log: every brief, every clarifying question, every edit, every refresh, every export is logged.
Data deletion.
- Right to deletion: customer data can be permanently deleted within 30 days of request or contract end.
- Deletion is irreversible and audited.
Compliance status.
- GDPR: compliant architecture (data subject rights, right to deletion, data processing addendum available).
- HIPAA: not currently in scope. Contact us if your use case requires it.
What to share with your security team.
We're happy to share the following on request, typically within one business day.
- Security questionnaire pre-fill (CAIQ or SIG)
- Data Processing Addendum
- Penetration test results (when available)
To request any of the above, apply to the design partner program; your team's security review can then run in parallel with the design partner conversation.
Customer-cloud deployment.
For teams with strict data residency or isolation requirements, Huegoo deploys into your cloud account (AWS, GCP, or Azure). Customer-cloud deployment is available on enterprise plans. Contact us to scope the engagement.