Security & Compliance
Security Architecture
Section titled “Security Architecture”Heard is designed for mid-market companies that take data privacy seriously. Security is built into the architecture, not bolted on.
PII Protection
Section titled “PII Protection”Heard uses a defense-in-depth PII scrubbing pipeline that anonymizes all personally identifiable information before it reaches the AI:
| Layer | Method | What It Catches |
|---|---|---|
| Layer 1 | Regex pattern matching | Phone numbers, emails, SSNs, credit card numbers |
| Layer 2 | Named Entity Recognition (NER) | Names, addresses, company names, dates |
| Layer 3 | Contextual analysis | Implied PII, account numbers, custom identifiers |
Key principle: The LangGraph Brain never sees raw PII. It reasons on anonymized data (e.g., [CUSTOMER_1] instead of “John Smith”). PII is re-associated only during action execution — and only if the action requires it (e.g., addressing an email).
Tenant Isolation
Section titled “Tenant Isolation”- Each customer’s data is fully isolated at the database level.
- Each customer’s LangGraph agent state is isolated — no shared state between tenants.
- Hosted OpenClaws run in dedicated containers, each wrapped in an OpenShell sandbox — an open-source (Apache 2.0) runtime that enforces kernel-level isolation through deny-by-default policies. The sandbox restricts filesystem access, blocks unauthorized network connections, and prevents privilege escalation.
Encryption
Section titled “Encryption”| Layer | Standard |
|---|---|
| Data in transit | TLS 1.3 |
| Data at rest | AES-256-GCM |
| OAuth tokens | Encrypted at rest with per-tenant keys |
Access Control (RBAC)
Section titled “Access Control (RBAC)”Four roles with strict permission boundaries:
| Role | Scope |
|---|---|
| Owner | Full access including billing |
| Admin | Configuration: teams, playbooks, HITL rules, MCP servers |
| Manager | View and act on their assigned teams’ data |
| Viewer | Read-only access to assigned teams |
Managers and Viewers are team-scoped — a Support team manager cannot see the Sales team’s data.
Authentication
Section titled “Authentication”- User sessions: Google OAuth 2.0 → Heard JWT (1-hour access token, 30-day refresh token)
- Machine clients: Scoped API keys with revocation support
- No passwords stored. All user auth flows through Google OAuth.
Audit Trail
Section titled “Audit Trail”Every action in Heard is logged:
- AI reasoning paths (via LangSmith traces)
- HITL decisions (who approved, when, what was the original recommendation)
- Action execution results (email sent, CRM updated, tool call result)
- Auth events (login, logout, role changes, key creation/revocation)
Traces are retained for configurable audit windows (default: 90 days).
Compliance Posture
Section titled “Compliance Posture”| Framework | Status |
|---|---|
| SOC 2 Type II | Planned (architecture designed for compliance) |
| HIPAA | PII scrubbing designed for healthcare data. BAA available upon request. |
| GDPR | Data minimization via PII scrubbing. Right to deletion supported. |
| PCI-DSS | Credit card numbers scrubbed in Layer 1 (regex). No raw card data stored. |
Data Residency
Section titled “Data Residency”- Primary data storage: Cloud-hosted (region configurable)
- Hosted OpenClaw data: Remains within the OpenShell sandbox’s isolated filesystem; never transmitted to cloud without PII scrubbing
- Processed audio: Audio files are deleted after transcription (configurable retention)