SECURITY POLICY
(BuddyHQ Inc.)
Effective Date: December 10th, 2025
1. Infrastructure
BuddyHQ is hosted on Google Cloud Platform (GCP), utilizing its certified security framework.
2. Technical Measures
- Encryption in transit (TLS)
- Encryption at rest
- API and firewall protections
- Monitoring and logging
- Secure development practices
- Rate limiting and anomaly detection
3. Employee Access
Access is restricted to authorized personnel with legitimate business needs. All access is logged and reviewed.
4. AI Processing Security
We use:
Proprietary and third-party AI systems carefully selected for safety, performance, and reliability.
User content is:
- Processed securely
- Not used to train external models
- Not retained longer than necessary
5. Incident Response
If a breach impacts your data, we notify affected users within 72 hours or as legally required.
6. Retention & Deletion
Data is retained only as long as required to operate and secure the Service.
Deletion requests: support@buddyhq.ai
7. Future Security Enhancements
- SOC 2 readiness
- Independent penetration tests
- Expanded monitoring
- Enterprise-grade audit trails