// Security & Compliance
Security at Ahoy
Your pipeline is your business, and the conversations inside it are some of the most sensitive data your company holds. Ahoy ships with the controls your security and procurement teams expect: SOC 2 Type I & II, HIPAA compliance, encryption in transit and at rest, and access controls down to the field level.
Compliance
SOC 2 Type I & II
Ahoy has completed SOC 2 Type I and Type II audits. An independent auditor examined our controls against the AICPA Trust Services Criteria for security, availability, and confidentiality - Type I for how the controls are designed, Type II for how they operate over a sustained observation period. Reports are available on request.
HIPAA
Ahoy is HIPAA compliant, so teams that handle protected health information can use it with that requirement met. Business Associate Agreements (BAAs) are available.
How your data is protected
- Encryption everywhere. Your data is encrypted in transit and at rest.
- Access control at every level. Roles and permissions govern who can see and change what, and field-level visibility lets you keep sensitive properties with the people who should have them.
- Workspace isolation. Organizations running multiple workspaces get full isolation between them - each workspace has its own pipelines, data model, roles, and permissions.
- Single sign-on. SAML SSO is available, so access follows your identity provider.
- Sync you control. A do-not-track list keeps the addresses and domains you choose out of your email sync, and can retroactively remove what was already synced.
Your data, your call
You can request deletion of your data at any time via the data deletion request page. How we collect, use, and protect information is set out in our privacy policy.
For your security review
If you're evaluating Ahoy, we can provide what your review needs:
- SOC 2 Type I and Type II reports
- Completed security questionnaires
- BAAs for teams handling protected health information
Email hello@ahoy.ai and we'll get them to you.
Related: Privacy policy · Terms of service · Data deletion request