# Data Security & Privacy

Agentnoon is committed to protecting your organizational data with industry-leading security practices, compliance certifications, and transparent privacy policies.

## Security Certifications & Compliance

Agentnoon maintains rigorous security standards and complies with major data protection regulations:

### Compliance Certifications

**SOC 2 Compliant**

* Independent third-party audit of security controls
* Validates security, availability, and confidentiality
* Annual audits ensure continued compliance

**GDPR Compliant**

* Full compliance with EU General Data Protection Regulation
* Data subject rights fully supported
* Privacy by design and by default

**ISO 27001 Certified**

* International standard for information security management
* Systematic approach to managing sensitive data
* Regular audits and continuous improvement

## Data Encryption

Agentnoon protects your data using industry-standard encryption at every stage.

### Encryption at Rest

**All data encrypted at rest:**

* Customer data stored with industry-standard encryption
* Database encryption enabled
* File storage encrypted
* Backup data encrypted

### Encryption in Transit

**All data encrypted in transit:**

* TLS 1.2+ encryption for all connections
* HTTPS enforced across the platform
* Secure API communications
* Encrypted data transfers during integrations

**Encryption standards:**

* Industry-standard encryption algorithms
* Regular security updates and patches
* Cryptographic key management best practices

## Access Controls & Authentication

Agentnoon provides robust access controls to ensure only authorized users can access your data.

### Authentication Options

**Single Sign-On (SSO):**

* SAML 2.0 support
* Integration with Okta, Azure AD, Google Workspace
* Centralized identity management

**Multi-Factor Authentication (MFA):**

* Optional MFA for additional security
* Reduces risk of unauthorized access
* Support for authenticator apps

### Access Management

**Role-Based Access Control (RBAC):**

* Admin, user, and custom roles
* Granular permissions per role
* Field-level access controls

**Access Groups:**

* Scope access by department, location, or custom attributes
* Control who can view, edit, or export data
* Flexible permission configurations

### Session Management

**Automatic session security:**

* Auto-timeout after a period of inactivity
* Secure session handling
* Session invalidation on logout

## Audit Logging

Agentnoon tracks user activity to maintain security and accountability.

**What is logged:**

* User login and logout events
* Data access (who viewed what)
* Data modifications (who changed what)
* Export activities
* Admin actions
* Permission changes

**Audit log features:**

* Timestamps for all events
* User identification
* Action details
* Available to administrators

**Use cases:**

* Security investigations
* Compliance audits
* Troubleshooting access issues
* Understanding data changes

## Data Privacy

### Data Ownership

**Your data is yours:**

* You own your organizational data
* Agentnoon processes data on your behalf
* You control who accesses your data
* You can export or delete your data at any time

### Data Retention Policy

**Data lifecycle:**

* Data retained while your account is active
* Data retained for **30 days after account termination**
* After 30 days, all customer data is permanently deleted
* Backups purged after retention period

### Right to Deletion (GDPR)

**Data deletion supported:**

* Customers can request data deletion at any time
* Data removed within 30 days of termination
* Permanent deletion of all customer data
* Confirmation provided upon completion

### Data Export for Compliance

**Export your data anytime:**

* Export organizational data to CSV or Excel
* Export user lists and permissions
* Export audit logs
* Self-service export via platform
* API access for automated exports

## Infrastructure & Data Residency

### Cloud Platform

**Agentnoon:**

* Hosted on **Google Cloud Platform (GCP)**
* Enterprise-grade infrastructure
* 99.9%+ uptime SLA
* Automated backups and disaster recovery

**Dayforce SWP:**

* Hosted on **Microsoft Azure**
* Redundant infrastructure
* High availability and performance

### Data Residency Options

**Global infrastructure:**

Agentnoon offers data residency in multiple regions to support data sovereignty requirements:

* **United States** (US)
* **European Union** (EU)
* **Australia** (AUS)
* **United Arab Emirates** (UAE)

**Benefits:**

* Comply with local data protection laws
* Reduce latency for global teams
* Meet data residency requirements

**Note:** Contact your account manager to configure data residency for your organization.

## Security Best Practices for Users

To maximize security, we recommend:

### For Administrators

1. **Enable SSO** - Centralize identity management
2. **Require MFA** - Add an extra layer of security
3. **Configure access groups** - Limit access to a need-to-know basis
4. **Review audit logs regularly** - Monitor for unusual activity
5. **Limit admin permissions** - Only assign admin role when necessary
6. **Use strong passwords** - If not using SSO, enforce password policies

### For All Users

1. **Use strong, unique passwords** - Never reuse passwords
2. **Enable MFA on your account** - If available
3. **Log out after sessions** - Especially on shared computers
4. **Don't share credentials** - Each user should have their own account
5. **Report suspicious activity** - Contact admin or support immediately
6. **Be cautious with exports** - Exported data contains sensitive information

## Third-Party Security

### Integrations

**Security for data integrations:**

* Encrypted connections to HRIS systems (Workday, BambooHR, ADP)
* Secure SFTP transfers
* API authentication and authorization
* Regular security reviews of integration partners

### Vendors & Subprocessors

**Agentnoon's vendor management:**

* Security assessment of all vendors
* Data Processing Agreements (DPAs) in place
* Regular vendor security reviews
* Compliance with GDPR Article 28 (processor requirements)

## Vulnerability Management

**Proactive security:**

* Regular security assessments and penetration testing
* Vulnerability scanning and remediation
* Security patch management
* Bug bounty program (if applicable)

**Responsible disclosure:**

* Security researchers can report vulnerabilities
* Coordinated disclosure process
* Timely patches for identified issues

## Incident Response

### Security Incident Procedures

In the event of a security incident:

1. **Detection** - Security monitoring and alerting
2. **Assessment** - Evaluate scope and impact
3. **Containment** - Stop the incident from spreading
4. **Resolution** - Remediate the root cause
5. **Notification** - Communicate to affected customers
6. **Post-mortem** - Learn and improve

### Breach Notification

**Transparency commitment:**

* Notify affected customers promptly
* Provide details on incident scope and impact
* Explain remediation steps taken
* Comply with GDPR breach notification requirements (72 hours)

## Reporting Security Concerns

If you discover a security vulnerability or have security concerns:

**Contact:** <SupportSWP@dayforce.com>

**Include:**

* Description of the issue
* Steps to reproduce (if applicable)
* Potential impact
* Your contact information

**Response time:** We aim to respond to security reports within 24-48 hours.

## Frequently Asked Questions

### Is my data encrypted?

Yes, all data is encrypted both at rest (in storage) and in transit (during transmission).

### Can I choose where my data is stored?

Yes, Agentnoon offers data residency in US, EU, Australia, and UAE regions. Contact your account manager to configure data residency for your organization.

### What happens to my data if I cancel my account?

Data is retained for 30 days after account termination, then permanently deleted.

### Can I export all my data?

Yes, you can export your organizational data, user lists, and audit logs at any time via the platform or API.

### Is Agentnoon GDPR compliant?

Yes, Agentnoon is fully GDPR compliant and supports all data subject rights.

### Do you have SOC 2?

Yes, Agentnoon is SOC 2 compliant with annual audits.

### Can I get a copy of your security certifications?

Yes, contact your account manager or <SupportSWP@dayforce.com> to request security documentation.

## Additional Resources

* [Authentication & IAM](/technical-documentation/authentication-and-identity-security.md) - SSO and MFA setup
* [Access Control Overview](https://github.com/Productao/gitbook/blob/docs/help-center-refresh-2026/admin/access-control/overview.md) - Managing user permissions
* [Data Management](https://github.com/Productao/gitbook/blob/docs/help-center-refresh-2026/admin/data-management/data-import.md) - Secure data import practices
* [Support & How to Self-Help](/start-here/support-self-help.md) - General support resources

***

**Last updated:** February 2026

**Security documentation version:** 1.0


