Security & data handling
Handsom connects to your support and commerce systems to prepare internal support briefs. This page summarizes how access, credentials, model routing, approvals, and audit logs are handled.
Scoped access
Agents receive only the integration methods they are granted.
Encrypted credentials
Sensitive integration keys are encrypted before storage.
Approval gates
Sensitive writes can require human approval before execution.
Audit logs
Tool calls and approval outcomes are recorded for review.
Control summary
The table below is intended for security and IT review. We keep it specific so teams can quickly identify which controls are relevant to their approval process.
Data processed
Handsom processes the minimum context needed to investigate a configured support case and prepare an internal note or proposed action. Exact fields depend on the integrations connected and the agent permissions granted.
Typical categories
AI provider policy
Model selection is part of the security posture. For customer support data, Handsom can be configured to prefer approved providers and policies rather than routing through an unrestricted provider pool.
Review points
- 01Provider selection can be restricted for customer-data workloads.
- 02No-training and zero-retention routes should be used where the provider supports them.
- 03Provider, model, token usage, and cost can be captured for operational review.
- 04Direct model-provider contracts can be evaluated for higher-volume customers that need stronger SLA or residency commitments.
Audit and evidence
Every support brief should be backed by source records where possible. Audit rows record tool execution and gate outcomes so customers can review what Handsom accessed and what action was taken.
Compliance status
Handsom is early and is not yet SOC 2 certified. We are building toward a stronger formal security program and can share current controls with design partners during vendor review.
Have questions?
We can walk through integration scopes, model-provider routing, data retention, audit logs, and approval settings before you connect production systems.