Skip to main content

Our Security Standards

Harmony protects workspace data with encryption, role-based access controls, authentication safeguards, audit-oriented processes, and independent security review.

Encryption

  • In transit: Harmony uses encrypted HTTPS connections for data moving between clients, servers, and APIs.
  • At rest: Workspace data such as recordings, transcripts, and metadata is stored using encrypted infrastructure.
  • Payment data: Payment details are handled by Stripe. Harmony does not store raw card numbers or CVC values.

Access control

Harmony uses workspace roles and permissions to control who can see and change data.

Permissions use resource, action, and scope concepts. Depending on their role, a user may be limited to their own data, team data, or all workspace data.

Companion follows the same access model. It cannot use meetings, contacts, projects, or integration tools that the current user is not allowed to access.

Authentication

Harmony supports email/password sign-in and Google sign-in where configured. Workspace admins can manage users, roles, and teams from Workspace Settings.

Two-factor authentication and session management are handled from user preferences where available.

Infrastructure and monitoring

Harmony operates cloud-hosted infrastructure and uses security controls such as encryption, access management, operational monitoring, vulnerability management, and incident response processes.

Customers with formal vendor review requirements should request current security materials through their Harmony account team or security contact.

SOC 2 status

Harmony has completed a SOC 2 Type 1 independent service auditor’s report for Harmony Global Inc, dated March 15, 2026.

The report covers controls relevant to:

  • Security.
  • Confidentiality.
  • Availability.

This is a SOC 2 Type 1 report, which evaluates control design at a point in time. It should not be described as SOC 2 Type 2 certification.

Learn more about SOC 2 →

Compliance wording

Do not infer unrelated certifications or legal commitments from SOC 2. In particular, do not claim Harmony is SOC 2 Type 2 certified, ISO 27001 certified, HIPAA compliant, fully GDPR compliant as a standalone statement, self-hosted, or EU-only unless those terms are confirmed in the customer’s contract or current security/legal documentation.

Report a vulnerability

If you believe you have found a security issue, contact Harmony through the security channel used for vendor-security or responsible-disclosure requests.