Security Summary

Overview

ASSIST™ is designed with security as a foundational requirement, not an afterthought. This summary describes the technical and organizational measures in place to protect Customer Data and platform integrity. ASSIST™ is an early-stage platform; our security posture is evolving and will be updated as the platform matures.

Access Control

Customer Workspace access is controlled by account credentials managed by the Customer. Customers are responsible for designating Authorized Users and revoking access when users depart or no longer require access. ASSIST™ staff access to Customer Data is limited on a need-to-know basis for support and operational purposes. Multi-factor authentication for platform access is on our security roadmap.

Encryption

Data in transit is encrypted using TLS. Data at rest encryption is provided by our hosting infrastructure provider using standard cloud encryption practices. Specific details are maintained in internal documentation and available to Enterprise Customers under NDA.

Hosting and Infrastructure

The ASSIST™ platform is hosted on cloud infrastructure provided by third-party cloud providers. Specific hosting providers are maintained as internal operational documentation; disclosed to Enterprise Customers under NDA on request. ASSIST™ is designed so that each Customer's Workspace is logically isolated from other customer Workspaces.

Logging and Audit Trail

ASSIST™ is designed to log automated agent actions for auditability and accountability. Customers may access their own interaction logs and audit trail as part of the service. Logs are retained for a period consistent with operational, contractual, and legal obligations.

Incident Response

ASSIST™ maintains an internal incident response process for security events. Enterprise Customers will be notified of confirmed security incidents affecting their data within the timeframe required by applicable law and per the Data Processing Addendum. ASSIST™ will cooperate with Customers in meeting their own regulatory notification obligations.

Workspace Isolation

ASSIST™ is designed so that one Customer's data does not inform, configure, or become available to another Customer's agents. Workspace isolation is a design principle of the platform. Specific technical implementation details are maintained as internal documentation.

Vendor and Subprocessor Management

ASSIST™ evaluates third-party service providers for reasonable data handling practices before engagement. Subprocessors processing Customer Data are subject to contractual data protection obligations. Enterprise Customers are notified before new subprocessors are added that process their data.

Backups

Data backup practices are dependent on hosting infrastructure provider capabilities. Customer Data export is available at any time during the engagement and for a defined period post-termination. Formal backup and recovery SLAs are on our platform maturity roadmap.

Vulnerability Disclosure

ASSIST™ welcomes responsible security disclosures. Reports should be submitted through our legal page at poweredbyassist.com/legal with “Security Vulnerability” in the subject line. Reporters should not access Customer data or disclose publicly before coordinating with ASSIST™.

What We Do Not Claim

• ASSIST™ is not currently SOC 2 Type II certified (on our roadmap)
• ASSIST™ is not currently ISO 27001 certified
• ASSIST™ does not currently have a formal penetration testing program (on our roadmap)
• No absolute security guarantees are made; no system is perfectly secure

Security Roadmap

Planned security improvements include: SOC 2 Type II audit; formal penetration testing; multi-factor authentication for platform access; formal subprocessor list publication; dedicated security posture page on website.

Enterprise Security Inquiries

Enterprise Customers with specific security requirements — including requests for architecture details, subprocessor lists, or DPA execution — should contact ASSIST™ through our legal page at poweredbyassist.com/legal with “Security Inquiry” in the subject line.