# Data Security & Privacy

Agentnoon is committed to protecting your organizational data with industry-leading security practices, compliance certifications, and transparent privacy policies.

## Security Certifications & Compliance

Agentnoon maintains rigorous security standards and complies with major data protection regulations:

### Compliance Certifications

**SOC 2 Compliant**

* Independent third-party audit of security controls
* Validates security, availability, and confidentiality
* Annual audits ensure continued compliance

**GDPR Compliant**

* Full compliance with EU General Data Protection Regulation
* Data subject rights fully supported
* Privacy by design and by default

**ISO 27001 Certified**

* International standard for information security management
* Systematic approach to managing sensitive data
* Regular audits and continuous improvement

## Data Encryption

Agentnoon protects your data using industry-standard encryption at every stage.

### Encryption at Rest

**All data encrypted at rest:**

* Customer data stored with industry-standard encryption
* Database encryption enabled
* File storage encrypted
* Backup data encrypted

### Encryption in Transit

**All data encrypted in transit:**

* TLS 1.2+ encryption for all connections
* HTTPS enforced across the platform
* Secure API communications
* Encrypted data transfers during integrations

**Encryption standards:**

* Industry-standard encryption algorithms
* Regular security updates and patches
* Cryptographic key management best practices

## Access Controls & Authentication

Agentnoon provides robust access controls to ensure only authorized users can access your data.

### Authentication Options

**Single Sign-On (SSO):**

* SAML 2.0 support
* Integration with Okta, Azure AD, Google Workspace
* Centralized identity management

**Multi-Factor Authentication (MFA):**

* Optional MFA for additional security
* Reduces risk of unauthorized access
* Support for authenticator apps

### Access Management

**Role-Based Access Control (RBAC):**

* Admin, user, and custom roles
* Granular permissions per role
* Field-level access controls

**Access Groups:**

* Scope access by department, location, or custom attributes
* Control who can view, edit, or export data
* Flexible permission configurations

### Session Management

**Automatic session security:**

* Auto-timeout after a period of inactivity
* Secure session handling
* Session invalidation on logout

## Audit Logging

Agentnoon tracks user activity to maintain security and accountability.

**What is logged:**

* User login and logout events
* Data access (who viewed what)
* Data modifications (who changed what)
* Export activities
* Admin actions
* Permission changes

**Audit log features:**

* Timestamps for all events
* User identification
* Action details
* Available to administrators

**Use cases:**

* Security investigations
* Compliance audits
* Troubleshooting access issues
* Understanding data changes

## Data Privacy

### Data Ownership

**Your data is yours:**

* You own your organizational data
* Agentnoon processes data on your behalf
* You control who accesses your data
* You can export or delete your data at any time

### Data Retention Policy

**Data lifecycle:**

* Data retained while your account is active
* Data retained for **30 days after account termination**
* After 30 days, all customer data is permanently deleted
* Backups purged after retention period

### Right to Deletion (GDPR)

**Data deletion supported:**

* Customers can request data deletion at any time
* Data removed within 30 days of termination
* Permanent deletion of all customer data
* Confirmation provided upon completion

### Data Export for Compliance

**Export your data anytime:**

* Export organizational data to CSV or Excel
* Export user lists and permissions
* Export audit logs
* Self-service export via platform
* API access for automated exports

## Infrastructure & Data Residency

### Cloud Platform

**Agentnoon:**

* Hosted on **Google Cloud Platform (GCP)**
* Enterprise-grade infrastructure
* 99.9%+ uptime SLA
* Automated backups and disaster recovery

**Dayforce SWP:**

* Hosted on **Microsoft Azure**
* Redundant infrastructure
* High availability and performance

### Data Residency Options

**Global infrastructure:**

Agentnoon offers data residency in multiple regions to support data sovereignty requirements:

* **United States** (US)
* **European Union** (EU)
* **Australia** (AUS)
* **United Arab Emirates** (UAE)

**Benefits:**

* Comply with local data protection laws
* Reduce latency for global teams
* Meet data residency requirements

**Note:** Contact your account manager to configure data residency for your organization.

## Security Best Practices for Users

To maximize security, we recommend:

### For Administrators

1. **Enable SSO** - Centralize identity management
2. **Require MFA** - Add an extra layer of security
3. **Configure access groups** - Limit access to a need-to-know basis
4. **Review audit logs regularly** - Monitor for unusual activity
5. **Limit admin permissions** - Only assign admin role when necessary
6. **Use strong passwords** - If not using SSO, enforce password policies

### For All Users

1. **Use strong, unique passwords** - Never reuse passwords
2. **Enable MFA on your account** - If available
3. **Log out after sessions** - Especially on shared computers
4. **Don't share credentials** - Each user should have their own account
5. **Report suspicious activity** - Contact admin or support immediately
6. **Be cautious with exports** - Exported data contains sensitive information

## Third-Party Security

### Integrations

**Security for data integrations:**

* Encrypted connections to HRIS systems (Workday, BambooHR, ADP)
* Secure SFTP transfers
* API authentication and authorization
* Regular security reviews of integration partners

### Vendors & Subprocessors

**Agentnoon's vendor management:**

* Security assessment of all vendors
* Data Processing Agreements (DPAs) in place
* Regular vendor security reviews
* Compliance with GDPR Article 28 (processor requirements)

## Vulnerability Management

**Proactive security:**

* Regular security assessments and penetration testing
* Vulnerability scanning and remediation
* Security patch management
* Bug bounty program (if applicable)

**Responsible disclosure:**

* Security researchers can report vulnerabilities
* Coordinated disclosure process
* Timely patches for identified issues

## Incident Response

### Security Incident Procedures

In the event of a security incident:

1. **Detection** - Security monitoring and alerting
2. **Assessment** - Evaluate scope and impact
3. **Containment** - Stop the incident from spreading
4. **Resolution** - Remediate the root cause
5. **Notification** - Communicate to affected customers
6. **Post-mortem** - Learn and improve

### Breach Notification

**Transparency commitment:**

* Notify affected customers promptly
* Provide details on incident scope and impact
* Explain remediation steps taken
* Comply with GDPR breach notification requirements (72 hours)

## Reporting Security Concerns

If you discover a security vulnerability or have security concerns:

**Contact:** <SupportSWP@dayforce.com>

**Include:**

* Description of the issue
* Steps to reproduce (if applicable)
* Potential impact
* Your contact information

**Response time:** We aim to respond to security reports within 24-48 hours.

## Frequently Asked Questions

### Is my data encrypted?

Yes, all data is encrypted both at rest (in storage) and in transit (during transmission).

### Can I choose where my data is stored?

Yes, Agentnoon offers data residency in US, EU, Australia, and UAE regions. Contact your account manager to configure.

### What happens to my data if I cancel my account?

Data is retained for 30 days after account termination, then permanently deleted.

### Can I export all my data?

Yes, you can export your organizational data, user lists, and audit logs at any time via the platform or API.

### Is Agentnoon GDPR compliant?

Yes, Agentnoon is fully GDPR compliant and supports all data subject rights.

### Do you have SOC 2?

Yes, Agentnoon is SOC 2 compliant with annual audits.

### Can I get a copy of your security certifications?

Yes, contact your account manager or <SupportSWP@dayforce.com> to request security documentation.

## Additional Resources

* [Authentication & IAM](https://docs.agentnoon.com/technical-documentation/authentication-and-identity-security) - SSO and MFA setup
* [Access Control Overview](https://github.com/Productao/gitbook/blob/docs/help-center-refresh-2026/admin/access-control/overview.md) - Managing user permissions
* [Data Management](https://github.com/Productao/gitbook/blob/docs/help-center-refresh-2026/admin/data-management/data-import.md) - Secure data import practices
* [Support & How to Self-Help](https://docs.agentnoon.com/start-here/support-self-help) - General support resources

***

**Last updated:** February 2026

**Security documentation version:** 1.0
