Trust Center

This page collects security and compliance resources for vendor review. It is different from the in-app Workspace Settings > Trust Center page, which shows an insight Trust Score for your workspace.

Security documentation

Customers can request current security and compliance documentation through their Harmony account team or the security contact used for vendor-security reviews.

When conducting a security or compliance review with Harmony, you can request a variety of documents through your Harmony account team or the designated security contact. One of the core documents available is the SOC 2 Type 1 independent auditor’s report, which covers Harmony Global Inc as of March 15, 2026, and addresses controls related to Security, Confidentiality, and Availability. This report demonstrates that Harmony has designed and implemented controls in accordance with the SOC 2 framework at a specific point in time.

In addition to the SOC 2 Type 1 report, customers may inquire about penetration test results or a security summary. These documents, where available, are typically shared through the relevant vendor-review process and may be subject to additional confidentiality or non-disclosure agreements, depending on the nature of the request.

If your organization requires a Data Processing Agreement (DPA), this is managed through Harmony’s legal or account-team processes. The DPA outlines Harmony’s obligations as a data processor, specifies its sub-processors, and describes the mechanisms in place for data protection and regulatory compliance. Subprocessor information—including the current list of third-party providers and partners to whom personal or confidential data may be disclosed in the course of service delivery—is available as part of Harmony’s privacy documentation or as an attachment to the DPA or standard vendor-review materials.

If you require any of these materials, inform your Harmony account team about your specific security or legal requirements so the most relevant and up-to-date documentation can be provided.

Do not use this page to claim SOC 2 Type 2, ISO 27001, HIPAA, self-hosted deployment, or specific data residency unless those commitments are separately confirmed in current documentation or the customer’s contract.

Quick links

• Privacy Policy
• Terms of Service
• SOC 2 information
• Security standards
• GDPR information

In-app Trust Center

Harmony also has an in-app Trust Center under Workspace Settings > Trust Center.

That page is not a legal or compliance document hub. It is a read-only workspace analytics page that shows a Trust Score for AI-generated insights based on insight feedback.

The in-app Trust Center shows:

• A donut chart with the Trust Score percentage.
• Positive or no-feedback insights.
• Negative-feedback insights.
• Empty-state messaging when no insights exist yet.

Use the in-app Trust Center to monitor insight quality. Use this security documentation page and your account/security contacts for vendor review.

Common questions

Is Harmony SOC 2 compliant?

Harmony has completed SOC 2 Type 1 as of March 15, 2026, for Security, Confidentiality, and Availability. Do not describe Harmony as SOC 2 Type 2 certified unless a Type 2 report has been completed.

Does SOC 2 answer GDPR, AI training, or data residency questions?

No. SOC 2 is a controls assurance report. GDPR, AI provider retention, and data residency questions should be answered from the current privacy policy, DPA, contract, and security documentation.