Trust & Assurance Center

This page serves as a comprehensive resource to showcase our dedication to compliance and security. Here, you can explore our certifications, request documentation, and review key details about the controls and standards we uphold.

At Hear, we are committed to building AI solutions that prioritize safety, transparency, and alignment with human values. As a leader in the industry, we understand the importance of maintaining secure and reliable practices in this ever-evolving field.

Compliance

ISO 27799

GDPR Compliance

ISO 27001

Resources

Infrastructure security

At Hear, we prioritize the security and resilience of our infrastructure to protect customer data and ensure uninterrupted service. Our services are hosted on Google Cloud Platform (GCP), leveraging its industry-leading infrastructure.

Data Center Security

Hosted in secure GCP data centers located in Tel Aviv, London, and the United States, ensuring geographic redundancy and physical protection.

Network Architecture

Built using GCP best practices, including:
- Separation of public and private subnets.
- Firewalls that enforce IP whitelisting and allow access through permitted ports only.
- Web Application Firewalls (WAF) to block application-level attacks dynamically.

Proactive Monitoring

Using advanced tools like Datadog, we monitor performance and detect anomalies in real time, mitigating threats promptly.

Disaster Recovery and Business Continuity

Disaster recovery plans are tested regularly. Data recovery mechanisms ensure minimal downtime, with recovery times measured in hours.

Vulnerability Management

Regular Penetration Testing

Independent third-party penetration tests are conducted annually, with results reviewed and all high-severity issues resolved immediately.

Vulnerability Scoring

Vulnerabilities are categorized by severity (Critical, High, Medium, Low) with strict timelines for resolution.

Transparent Remediation

Customers can request a summary of resolved vulnerabilities and Hear's remediation processes.

Compliance and Certifications

ISO Certifications

We are certified for ISO 27001 (Information Security Management Systems) and ISO 27799 (Healthcare Data Security).

ISO Certifications

We adhere to cross-border data transfer protocols under the EU-US Data Privacy Framework.

Independent Audits

Annual audits validate our compliance with industry standards. Summaries of these audits are available upon request.

System Availability and Uptime

Real-Time Status Page

Service-Level Agreement (SLA)

Customer Data Controls

Granular Data Access Controls

Customers can restrict access by role, geography, and IP address.

Encryption Standards

Data Retention and Deletion Policies

Customers retain full control over their data, with options to modify, export, or delete it at any time. Deleted data undergoes a 30-day rollback period before permanent deletion.

Proactive Security Roadmap

Continuous Improvement

Expanding our certifications to include SOC 2 and ISO 22301 (Business Continuity Management).

Launching a real-time trust dashboard with incident reports and transparency tools.

Enhancing customer-facing security documentation, including FAQs and whitepapers.

Vendor and Supply Chain Security

Vendor Evaluations

Ongoing Reviews

Incident Response

Detection and Notification

Incidents are detected through advanced monitoring systems, and customers are notified within hours of discovery.

Incident Escalation

A dedicated response team investigates, mitigates, and conducts a post-incident review.