Security

Security for the most confidential information.

Herfindahl is built for high-stakes work where confidentiality and defensibility are non-negotiable. The product is designed to keep data where it belongs, enforce permissions strictly, and make actions traceable, reviewable, and auditable.

Secure by default. Built in.

Security isn’t an add-on in Herfindahl; it’s built into the product from the ground up. We hold strictly to four principles: keep data where it belongs, enforce permissions rigorously, make actions reviewable, and let customers choose the deployment model that fits their environment.

Trusted data storage

Local-first workspaces

Case files stay in your workspace; Herfindahl doesn’t collect your project into the cloud by default.

Clear boundaries

The product operates within explicitly selected workspaces to reduce accidental cross-case leakage.

Flexible inference routing

Route inference through infrastructure operated by your organization, or use a secure Herfindahl-managed endpoint.

Configurable logging

Supports policies that avoid storing prompts and outputs, keeping logs focused on operational metadata.

No training on case content

Herfindahl does not use your files, prompts, or outputs to train models. Customer-controlled deployment models keep content private and segregated under your organization’s control.

Controls that map to real risk

Least-privilege by design

The assistant can only use the capabilities you expose in your environment.

Human-in-the-loop execution

Sensitive actions require explicit confirmation before they execute.

Encryption & transport security

Protect data in transit and apply encryption at rest where data is stored.

Enterprise authentication

Supports integration with enterprise SSO and modern authentication approaches for controlled environments.

Enterprise assurance

We provide comprehensive security documentation and share security certifications and third-party penetration testing reports with enterprise customers.

Your data. Your decisions.

You maintain control over your data at every step.

Data retention

Case content stays in your workspace, so retention follows your organization’s policies. Logging can be configured to avoid storing prompts and outputs.

Data governance

Explicit workspace scoping and strict permissions help keep work separated by case, with actions designed to be traceable, reviewable, and auditable.

Encryption management

Protect data in transit and apply encryption at rest where data is stored, aligned with the deployment model and infrastructure you choose.

User authentication

SSO integration lets you centrally manage authentication and access using your identity provider.

FAQ

Where is case data stored?

Only on your machines. Herfindahl is designed for local-first execution and controlled deployment models that keep case data fully under your organization’s control.

Can we restrict where inference happens?

Yes. Herfindahl supports fully customer-controlled routing for LLM inference, including restricting inference to the EU.

Is data from different cases handled separately?

Yes. Herfindahl is designed from the ground up to keep data from different cases completely separate, preventing cross-case leakage.

Do you train on customer data?

No. Herfindahl does not use your files, prompts, or outputs to train models. Under our customer-controlled deployment models, data remains entirely within your controlled environments and is never processed by us.

Serious about security?

Book a demo to see Herfindahl in action.