Primary certification
SOC 2 Type II
Hosting
AWS (U.S. regions)
Encryption
AES-256 + TLS 1.3
Identity controls
RBAC, MFA, SSO
SOC 2 Type II
Independent assurance is a core control for enterprise procurement review.
Compliance frameworks and certifications relevant to US and Canadian customers.
HelloGrowthCRM maintains SOC 2 Type II certification. Report available under NDA — email sales@hellogrowthcrm.com
California Consumer Privacy Act. US-based customers have full data subject rights including access, deletion, and portability. Data Processing Addendum available.
HelloGrowthCRM can support HIPAA-compliant deployments for healthcare customers with a signed BAA. Contact sales for BAA terms.
Our web application targets WCAG 2.1 Level AA for US accessibility compliance. Accessibility statement at /legal/accessibility.
Data is stored in Supabase (AWS us-east-1) with Cloudflare edge caching. US customers' data never leaves North American data centers.
Request trust documentation, ask compliance questions, or start a security review.
HelloGrowthCRM AI agents operate within a configurable safety framework. Every agent action is logged, reversible, and bounded by per-agent limits you configure.
Three autonomy levels
Autonomous, Supervised, and Assistive. You choose the level per agent — from fully hands-off to recommendation-only.
Per-agent action limits
Set daily call limits, spend caps, and volume thresholds. Agents cannot exceed configured boundaries.
Full audit trail
Every agent action is logged with timestamp, agent identity, and data changed. Immutable record for compliance review.
One-click pause
Any agent can be paused instantly from admin settings without affecting other automations or workflows.
PII masking
Raw contact data can be masked from agent-accessible logs and AI client responses via MCP scope settings.
Human-in-the-loop gates
Supervised agents stage actions for human approval before committing. No autonomous action without explicit configuration.