Trust Center

Your data is in safe hands.

From encryption to access control, HQ holds to rigorous standards so your data stays secure, private, and compliant. Everything a security team needs to evaluate us is here, in the open: our certifications, where your data lives, and the controls behind every agent action.

Last reviewed June 2026

  • ISO 27001, 14001 and 9001 certified
  • EU and US data residency
  • Immutable audit log on every action
  • GDPR-aligned data handling

Certifications

Independently certified.

Audited and certified by an accredited registrar. Download the current certificate for each standard.

  • ISO/IEC 27001 Certified: Information security management, CI-23461/2026 (PDF)
  • ISO 14001 Certified: Environmental management, CKM-23462/2026 (PDF)
  • ISO 9001 Certified: Quality management, CKM-23462/2026 (PDF)

Data residency

Where your data lives.

Two separated, isolated datacenters on hardware we operate end to end. Choose the region your data stays in.

European Union (Operational)

Primary EU region. Customer data stays inside the EU, on hardware we operate ourselves.

United States (Being established)

US region for customers who need US data residency. Currently being established.

GDPR

Built under GDPR.

Our technical team is based in Stockholm, Sweden, so HQ has been designed and operated under GDPR, among the world's most stringent standards for data privacy, from day one. The same strict default protects every customer, wherever they work.

Security controls

What we do, line by line.

The controls behind the platform, grounded in how it is actually built.

Infrastructure & isolation

  • Every conversation runs in its own hardware-isolated microVM
  • Sandboxes are torn down when their work is done
  • Controlled, country-pinned egress: agents reach only what you allow
  • Dedicated hardware we operate end to end, no hyperscaler dependency

Data protection

  • Choice of EU or US data residency
  • Encrypted in transit and at rest
  • Your data is never used to train models
  • Edit, delete and freeze controls over stored data

Access & identity

  • Every action carries an identity chain: who asked, which agent, on whose authority
  • Integration credentials encrypted at rest and scoped to a single tool
  • Per-workspace integration toggles: authorize only what you want, revoke anytime

Audit & accountability

  • An immutable audit log records every agent action and what it touched
  • Built for EU AI Act traceability and human oversight, not bolted on
  • A full, exportable history for your security and compliance teams

Application security

  • Secrets held in a dedicated vault, never stored in plaintext
  • Least-privilege tool access, granted per agent
  • Dependencies pinned and kept current across the stack

Privacy & compliance

  • GDPR-aligned data handling and data-subject controls
  • ISO 27001, 14001 and 9001 certified
  • Data-processing terms (DPA) available on request

Report a vulnerability

Found a security issue? We want to hear from you. Email security@hq.zone and we will respond promptly. We support coordinated disclosure and will not pursue good-faith research.

Reviewing HQ for your security team?

We will walk through isolation, residency, audit, and our controls in detail, and share any documentation you need.

Talk to us