Data Security & Privacy
Data security, privacy, and compliance
Agentnoon is committed to protecting your organizational data with industry-leading security practices, compliance certifications, and transparent privacy policies.
Security Certifications & Compliance
Agentnoon maintains rigorous security standards and complies with major data protection regulations:
Compliance Certifications
SOC 2 Compliant
Independent third-party audit of security controls
Validates security, availability, and confidentiality
Annual audits ensure continued compliance
GDPR Compliant
Full compliance with EU General Data Protection Regulation
Data subject rights fully supported
Privacy by design and by default
ISO 27001 Certified
International standard for information security management
Systematic approach to managing sensitive data
Regular audits and continuous improvement
Data Encryption
Agentnoon protects your data using industry-standard encryption at every stage.
Encryption at Rest
All data encrypted at rest:
Customer data stored with industry-standard encryption
Database encryption enabled
File storage encrypted
Backup data encrypted
Encryption in Transit
All data encrypted in transit:
TLS 1.2+ encryption for all connections
HTTPS enforced across the platform
Secure API communications
Encrypted data transfers during integrations
Encryption standards:
Industry-standard encryption algorithms
Regular security updates and patches
Cryptographic key management best practices
Access Controls & Authentication
Agentnoon provides robust access controls to ensure only authorized users can access your data.
Authentication Options
Single Sign-On (SSO):
SAML 2.0 support
Integration with Okta, Azure AD, Google Workspace
Centralized identity management
Multi-Factor Authentication (MFA):
Optional MFA for additional security
Reduces risk of unauthorized access
Support for authenticator apps
Access Management
Role-Based Access Control (RBAC):
Admin, user, and custom roles
Granular permissions per role
Field-level access controls
Access Groups:
Scope access by department, location, or custom attributes
Control who can view, edit, or export data
Flexible permission configurations
Session Management
Automatic session security:
Auto-timeout after a period of inactivity
Secure session handling
Session invalidation on logout
Audit Logging
Agentnoon tracks user activity to maintain security and accountability.
What is logged:
User login and logout events
Data access (who viewed what)
Data modifications (who changed what)
Export activities
Admin actions
Permission changes
Audit log features:
Timestamps for all events
User identification
Action details
Available to administrators
Use cases:
Security investigations
Compliance audits
Troubleshooting access issues
Understanding data changes
Data Privacy
Data Ownership
Your data is yours:
You own your organizational data
Agentnoon processes data on your behalf
You control who accesses your data
You can export or delete your data at any time
Data Retention Policy
Data lifecycle:
Data retained while your account is active
Data retained for 30 days after account termination
After 30 days, all customer data is permanently deleted
Backups purged after retention period
Right to Deletion (GDPR)
Data deletion supported:
Customers can request data deletion at any time
Data removed within 30 days of termination
Permanent deletion of all customer data
Confirmation provided upon completion
Data Export for Compliance
Export your data anytime:
Export organizational data to CSV or Excel
Export user lists and permissions
Export audit logs
Self-service export via platform
API access for automated exports
Infrastructure & Data Residency
Cloud Platform
Agentnoon:
Hosted on Google Cloud Platform (GCP)
Enterprise-grade infrastructure
99.9%+ uptime SLA
Automated backups and disaster recovery
Dayforce SWP:
Hosted on Microsoft Azure
Redundant infrastructure
High availability and performance
Data Residency Options
Global infrastructure:
Agentnoon offers data residency in multiple regions to support data sovereignty requirements:
United States (US)
European Union (EU)
Australia (AUS)
United Arab Emirates (UAE)
Benefits:
Comply with local data protection laws
Reduce latency for global teams
Meet data residency requirements
Note: Contact your account manager to configure data residency for your organization.
Security Best Practices for Users
To maximize security, we recommend:
For Administrators
Enable SSO - Centralize identity management
Require MFA - Add an extra layer of security
Configure access groups - Limit access to a need-to-know basis
Review audit logs regularly - Monitor for unusual activity
Limit admin permissions - Only assign admin role when necessary
Use strong passwords - If not using SSO, enforce password policies
For All Users
Use strong, unique passwords - Never reuse passwords
Enable MFA on your account - If available
Log out after sessions - Especially on shared computers
Don't share credentials - Each user should have their own account
Report suspicious activity - Contact admin or support immediately
Be cautious with exports - Exported data contains sensitive information
Third-Party Security
Integrations
Security for data integrations:
Encrypted connections to HRIS systems (Workday, BambooHR, ADP)
Secure SFTP transfers
API authentication and authorization
Regular security reviews of integration partners
Vendors & Subprocessors
Agentnoon's vendor management:
Security assessment of all vendors
Data Processing Agreements (DPAs) in place
Regular vendor security reviews
Compliance with GDPR Article 28 (processor requirements)
Vulnerability Management
Proactive security:
Regular security assessments and penetration testing
Vulnerability scanning and remediation
Security patch management
Bug bounty program (if applicable)
Responsible disclosure:
Security researchers can report vulnerabilities
Coordinated disclosure process
Timely patches for identified issues
Incident Response
Security Incident Procedures
In the event of a security incident:
Detection - Security monitoring and alerting
Assessment - Evaluate scope and impact
Containment - Stop the incident from spreading
Resolution - Remediate the root cause
Notification - Communicate to affected customers
Post-mortem - Learn and improve
Breach Notification
Transparency commitment:
Notify affected customers promptly
Provide details on incident scope and impact
Explain remediation steps taken
Comply with GDPR breach notification requirements (72 hours)
Reporting Security Concerns
If you discover a security vulnerability or have security concerns:
Contact: [email protected]
Include:
Description of the issue
Steps to reproduce (if applicable)
Potential impact
Your contact information
Response time: We aim to respond to security reports within 24-48 hours.
Frequently Asked Questions
Is my data encrypted?
Yes, all data is encrypted both at rest (in storage) and in transit (during transmission).
Can I choose where my data is stored?
Yes, Agentnoon offers data residency in US, EU, Australia, and UAE regions. Contact your account manager to configure.
What happens to my data if I cancel my account?
Data is retained for 30 days after account termination, then permanently deleted.
Can I export all my data?
Yes, you can export your organizational data, user lists, and audit logs at any time via the platform or API.
Is Agentnoon GDPR compliant?
Yes, Agentnoon is fully GDPR compliant and supports all data subject rights.
Do you have SOC 2?
Yes, Agentnoon is SOC 2 compliant with annual audits.
Can I get a copy of your security certifications?
Yes, contact your account manager or [email protected] to request security documentation.
Additional Resources
Authentication & IAM - SSO and MFA setup
Access Control Overview - Managing user permissions
Data Management - Secure data import practices
Support & How to Self-Help - General support resources
Last updated: February 2026
Security documentation version: 1.0