Security is not a feature.
It's the architecture.
Dehurdle was designed from day one to pass enterprise security reviews. Zero-payload privacy means no employee private data ever reaches an LLM provider.
Compliance
Frameworks & Standards
SOC 2 Type II
Architecture designed to Trust Services Criteria across security, availability, processing integrity, confidentiality, and privacy.
ISO 27001
Information security management practices aligned with international standards for systematic risk management.
GDPR
Platform designed to EU General Data Protection Regulation standards, including data minimization, right to erasure, and DPO appointment.
India DPDP Act
Architecture aligned with India's Digital Personal Data Protection Act 2023, including consent management and cross-border transfer controls.
EU AI Act
AI subsystems classified by risk tier. High-risk components include human-in-the-loop escalation protocols.
Zero-Payload Architecture
What Data Goes Where
The coaching engine operates on its own conversational context. It never accesses employee emails, internal chats, or private work data.
- Sends coaching message
- Sanitizes input, prepares coaching context
- Receives coaching context only: no emails, chats, or work data
- Stores behavioral signals, returns coaching response
What We Never Access
- ✕ Employee emails or inbox content
- ✕ Internal Slack/Teams messages or channels
- ✕ Documents, files, or shared drives
- ✕ Calendar event content or attendee details
- ✕ Browsing history or app usage data
- ✕ Biometric data of any kind
What We Do Process
- Coaching conversations (within Dehurdle only)
- Behavioral signals from coaching interactions
- Goal and activity progress data
- Aggregated competency scores
- Consent-gated organizational insights
- Calendar metadata (time slots only — no content)
Infrastructure
Enterprise-Grade Foundation
Cloud Infrastructure
- Google Cloud Platform & AWS
- Data residency: user data stays in the user's region
- Regional hosting available per compliance requirements
- Automatic scaling and redundancy
- 99.9% uptime SLA
Encryption
- AES-256 encryption at rest
- TLS 1.3 in transit
- Per-organization encryption keys
- Integration tokens encrypted via AES-256-GCM
Audit & Governance
- Complete audit trail for all admin actions
- Immutable log storage
- Role-based access control (RBAC)
- Data export and deletion APIs
EU AI Act
AI Risk Classification
Every AI subsystem in Dehurdle is classified under the EU AI Act risk framework with appropriate safeguards.
| Subsystem | Risk Tier | Rationale | Safeguard |
|---|---|---|---|
| Pattern Classification | Low | Rule-based processing. No personal data processed. | Fully auditable decision logic. |
| Coaching Conversations | Limited | Direct user interaction with transparent AI identity. | Users informed they are interacting with AI. |
| Safety Monitoring | High | Safety-critical. Affects user wellbeing. | Mandatory human-in-the-loop escalation. |
| Development Analytics | High | Potential employment impact. | Consent-gated. Opt-in only. Aggregated when not consented. |
Security Review
Pass your security review.
Book a technical walkthrough with our team. We'll walk your CISO through the architecture in 30 minutes.