HaileyAI Security Policy

Effective Date: October 1, 2025

HaileyAI Corporation (“HaileyAI,” “we,” “us,” or “our”) is committed to protecting the confidentiality, integrity, and availability of customer data. This Security Policy provides an overview of our practices and controls designed to safeguard information processed through our services.

1. Governance and Oversight
HaileyAI maintains an internal security program overseen by designated security leadership. Our policies and practices are reviewed on at least an annual basis to ensure they remain aligned with industry standards, evolving regulations, and customer needs. All personnel with access to customer data receive regular training on data security and privacy.

2. Data Security Controls
HaileyAI employs multiple layers of technical and organizational safeguards to protect customer information. All customer data is encrypted in transit using TLS 1.2 or higher and at rest using AES-256 or equivalent. Customer data is tokenized prior to subprocessor interaction, and HaileyAI alone retains ownership of the encryption keys. Personal data is never released in clear text except as necessary for large language model processing, which is handled securely and re-tokenized immediately afterwards. Role-based access controls are enforced, requiring strong authentication for authorized personnel. Access is granted on the principle of least privilege and promptly revoked upon role changes or termination. HaileyAI systems are continuously monitored for vulnerabilities and suspicious activity, and security patches are applied on a timely basis.

3. Subprocessors
HaileyAI may engage carefully vetted subprocessors to support service delivery, including hosting, backups, analytics, and AI processing. All subprocessors are contractually bound to security and confidentiality standards at least as rigorous as those maintained by HaileyAI. Data shared with subprocessors is encrypted, tokenized, and restricted to the minimum necessary for service fulfillment.

4. Data Residency
All customer data is stored and processed exclusively within the United States. HaileyAI does not transfer customer data outside the United States. If this position changes, customers will be notified in advance and this Security Policy will be updated accordingly.

5. Business Continuity and Disaster Recovery
HaileyAI infrastructure is designed for resiliency. We maintain redundant systems, secure backups, and recovery procedures to minimize the risk of data loss or service interruption. Recovery time and retention periods may vary by customer contract, but HaileyAI is committed to ensuring continuity of service and prompt restoration in the event of an incident.

6. Incident Response
HaileyAI maintains an internal incident response process to detect, contain, and remediate security events. In the event of a data breach or incident affecting customer data, HaileyAI will notify affected customers without undue delay and provide updates as investigation and remediation progress.

7. Compliance and Legal Obligations
HaileyAI complies with applicable United States federal and state privacy, data protection, and AI-specific laws, including California regulations such as the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), Assembly Bill 1008, and other similar frameworks. HaileyAI will continue to update its policies and practices to align with evolving legal requirements.

8. Questions or Concerns
If you have questions about HaileyAI’s security practices or need to report a concern, you may contact us at: security@gohailey.ai