Security, privacy, and data handling.
This page is maintained by HumanWox to answer common security and privacy questions about the HumanWox platform. It describes current, in-product controls and practices, not an independent certification.
Access and authentication
Access to the HumanWox platform requires an authenticated account. Sessions are managed by the platform authentication layer, with password credentials handled by the provider and not stored by the application in cleartext.
Inside a workspace, actions are scoped by role. Administrative changes, record edits, and sharing actions are versioned and attributable to the user who performed them.
Hosting and platform
The HumanWox platform is hosted in the United Kingdom on infrastructure operated by our platform providers. Data in transit is protected using TLS. At-rest storage relies on the encryption controls of the underlying managed database and object storage.
Platform capabilities such as authentication, database, storage, and application hosting are provided by established cloud infrastructure providers. HumanWox does not run its own physical data centres.
Data collection and use
HumanWox collects the information customers enter into the platform to operate the service: AI system records, risks, evidence, decisions, reviews, and related metadata. Account information such as name, email, and workspace role is collected to authenticate users and attribute actions.
Customer content is used to provide the platform to the customer. It is not sold, and it is not used to train third-party foundation models on behalf of other customers.
Subprocessors
HumanWox uses a small set of subprocessors to operate the platform, including our cloud infrastructure, transactional email, and analytics providers. A current list can be provided on request through the security contact below.
Retention and deletion
While a workspace is active, HumanWox retains customer content so the accountability record remains reconstructable over time, which is central to the product.
On termination, customers can request export of their workspace record. Deletion of customer content following termination is available on written request; timelines and specifics are covered in the applicable order form or data processing terms.
Privacy requests
For personal-data access, correction, or deletion requests, contact us at privacy@humanwox.com. For requests concerning data held on behalf of a customer, we work through the customer as data controller.
See the privacy policy for the full statement.
Security contact and vulnerability reporting
To report a suspected vulnerability or a security concern, email security@humanwox.com. Please include reproduction steps and any relevant context. We acknowledge reports and coordinate remediation with the reporter.
Compliance posture
HumanWox is a UK-based provider building for the same regulatory landscape our customers operate in: UK GDPR, the EU AI Act, ISO/IEC 42001, DSIT AIME, and NIST AI RMF. The platform is designed to help customers maintain an accountability record aligned to those frameworks.
We do not claim independent certification on this page. Where customers require specific contractual or certification language, contact us at security@humanwox.com and we will respond with approved wording.
Start the accountability record for your AI systems.
One connected structure for systems, risks, evidence, reviews, decisions, and accountability activity — with a shareable assurance report from day one.
