SOC 2 Type II-aligned, HIPAA-ready BAAs available, GDPR-aligned data processing. SSO/SAML, RBAC, tamper-evident audit logs. On-premises and private cloud deployment.
Agent evaluation data — transcripts, tool traces, retrieval payloads, agent responses, juror reasoning, findings — are processed inside your tenant boundary on the enterprise Platform. The open-source Harness runs entirely locally; no data leaves your infrastructure. We do not train models on customer agent data, do not retain transcripts beyond the customer's configured retention policy, and do not share evaluation content with third parties.
TLS 1.2+ for all data in transit. AES-256 for data at rest. SSO via SAML 2.0 / OIDC. Role-based access control with principle-of-least-privilege defaults. Tamper-evident audit logs of every evaluation run, configuration change, and data access event. Optional customer-managed encryption keys (CMEK) on Enterprise.
SOC 2 Type II-aligned controls across security, availability, confidentiality, processing integrity, and privacy criteria. HIPAA-ready Business Associate Agreements available for healthcare customers. GDPR-aligned data processing addendum standard. Schrems II-compliant transfer mechanisms for EU customers. Annual third-party penetration testing.
US-hosted SaaS by default. EU-hosted SaaS available. Private cloud deployment in your AWS, GCP, or Azure tenant. Fully on-premises deployment for regulated workloads (defense, finance, healthcare). Air-gapped operation supported via local Harness LLM models (Ollama, vLLM, mlx).