[ Trust & Security ]

Built to be trusted with the work that matters.

Headways sits close to how your team gets work done. That means we hold ourselves to the standards of the platforms you already trust with the same data. Below is a summary of how we protect customer data, and a link to our live Trust Center where you can review every control, request documents, and subscribe to updates.

How we protect your data

SOC 2 Type II

Independently audited controls covering security, availability, and confidentiality. Full report available under NDA via the Trust Center.

Continuous monitoring

Every control is monitored in real time by Vanta. Drift is detected and remediated, not discovered at audit time.

Encryption everywhere

TLS 1.3 in transit. AES-256 at rest. Customer data is logically isolated per organization with row-level security.

Least-privilege access

Employee access to production requires SSO and hardware-key MFA, and is scoped by role, logged, and reviewed quarterly.

Vendor & subprocessor review

Every subprocessor is documented in the Trust Center with the data they receive and why. Customers are notified before new ones are added.

Incident response

Documented IR plan tested annually. Customers are notified without undue delay of any incident affecting their data.

Documents & reports

The following are available through the Trust Center. Most require a signed NDA, which you can sign in-line during the request.

Reporting a security issue

If you believe you've found a security vulnerability in any Headways product or service, please email security@headways.ai. We'll acknowledge your report within one business day and keep you updated through resolution.