Security

Last Updated: February 1, 2026

Harmonity is designed for teams handling sensitive commercial and legal documents. We focus on least-privilege access, secure handling of data, and auditability across the contract lifecycle—from draft to approval and renewal.

For security questions or procurement requests, contact support@harmonity.ai or use

1. Security approach (high level)

Harmonity’s security program is built to support controlled contract workflows:

  • Permissioned access & scoped visibility (workspace + document level)
  • Audit-ready activity history with attributable actions
  • Encryption in transit and at rest (high-level)
  • Monitoring and operational controls to support availability and incident response
  • Vendor governance through subprocessor transparency and contractual data-processing terms

This page provides an overview. Additional documentation can be shared for evaluation (and under NDA where needed) via the security package.

2. Access control by design

Workspace & document roles

Access is governed through roles and permissions that define who can:

  • View, comment, edit, approve, or manage documents
  • Administer workspace settings and user access (where applicable)

Permission boundaries apply across features

Access rules are designed to apply consistently across:

  • Core workflows (create, review, collaborate, approve)
  • Document storage and retrieval
  • Harmony AI features (AI respects user/document scope)

Customer responsibility

Customers are responsible for:

  • Assigning appropriate roles and least-privilege access
  • Maintaining secure authentication practices and device security
  • Ensuring authorized use by their users

3. Data protection and encryption (high level)

Encryption

We use industry-standard encryption practices, including:

  • Encryption in transit (e.g., TLS)
  • Encryption at rest for stored data

Secure storage and backups

We use secure storage and controlled access to data stores. Backups and recovery processes are designed to support business continuity and operational resilience.

Procurement teams can request deeper technical details via the security package.

4. Auditability and logging

Harmonity supports governance by making key actions attributable:

  • Attributable actions: key events are timestamped and tied to actors
  • Centralized logging: designed to support investigations and operational monitoring
  • Audit-ready history: helps legal/procurement teams maintain traceability for contract changes and approvals

Specific logging and retention details can be provided under the security package and/or in the DPA where applicable.

5. Application security and vulnerability management

We aim to maintain a secure development and operations lifecycle, including:

  • Secure development practices and review processes (high-level)
  • Dependency and vulnerability management (high-level)
  • Incident detection, triage, and remediation workflows (high-level)

If your organization requires specific questionnaires, security attestations, or evidence, request the security package and we will route you to the right materials.

6. Incident response and customer communication

We maintain processes for:

  • Detecting and responding to security incidents
  • Assessing impact and implementing remediation
  • Communicating with customers when appropriate

Planned maintenance and operational communications are covered in the Reliability section of the Trust Center and the Service Level Agreement (SLA) (where applicable). A public Status Page may be added later.

7. AI security and “controlled AI”

Harmony AI is designed to be governed, not opaque:

  • AI follows the same permission boundaries as users and documents
  • Outputs are designed to be reviewable and (where applicable) evidence-linked
  • AI outputs are not legal advice and require human review and approval

See AI & Data Governance

8. Subprocessors and third-party service providers

Harmonity may rely on subprocessors for hosting, analytics, communications, and other operational needs.

  • We provide transparency via Trust Center → Subprocessors
  • Data-processing roles and obligations are defined in the Data Processing Addendum (DPA)

Where required by procurement, we can provide additional vendor security details via the security package.

9. Security documentation (procurement-friendly)

Available via Request Security Package (and under NDA where needed):

  • Security overview (controls summary)
  • High-level architecture overview
  • Data handling & privacy overview
  • Access control and auditability overview
  • Vulnerability management approach (high-level)
  • Business continuity / disaster recovery overview (high-level)
  • Additional questionnaires and enterprise requirements (where applicable)

10. How to contact us

For security inquiries, vulnerability reporting, or procurement requests:

Subject suggestion: “Security / Trust Center”

11. Change log

Date               Change
February 1, 2026   Initial publication