Henoyo deploys into your own AWS or Azure account, behind your IAM, inside your security boundary. Every customer tenant is physically separate. Your Salesforce tokens live in your cloud’s secrets store. Data residency is wherever you already run, which means GDPR, DPDP, HIPAA, and CCPA controls you’ve already written keep applying.
One diagram, one boundary. Everything inside the dashed line runs in your cloud account. Everything outside is either the user’s browser or the systems you already own.
Configured from the Security section of the portal. Every layer is observable, every decision is logged.
Field-level, regex, and cloud-native PII detection from the cloud you already pay for. AWS Comprehend on AWS, Microsoft Presidio on Azure, configurable per Prompt, per field. Free-text scrubbed before the model sees it; structured fields get typed masks.
Structured records are tokenized before they reach the model. Token sessions are ephemeral with a 15-minute TTL in DynamoDB or Cosmos DB. The model sees a handle, never the value, which means a compromised prompt cannot exfiltrate real data.
Input sanitization, tool-allowlist enforcement, and output validation on every call. The model cannot invoke a tool it was not granted at Agent-authoring time. Every denied call is logged with the rule that denied it, for review.
Every call, mask, model response, and tool invocation is logged to an immutable store. Six-year default retention, aligned to FINRA. Exportable as CSV, or streamed to your S3, Azure Blob, or Splunk instance for the review your security team already runs.
Your data runs in your AWS or Azure account, in the region you already chose for GDPR, DPDP, or in-country requirements. No copy. No replication. No access for Henoyo.
Henoyo operates as a processor. Controller obligations under GDPR, India DPDP, UAE PDPL, and Singapore PDPA stay with you, because the data stays in your perimeter. DPA available on request.
Deployable in HIPAA-eligible AWS and Azure regions. BAA available on request. PHI never leaves your account, so your existing HIPAA program can often extend with minimal change, subject to your own controls and review.
Henoyo is not the data controller. You maintain controller responsibilities under CCPA, CPRA, and similar US state laws. The audit log carries the evidence your privacy team needs.
If you turn on the voice channel, audio is transcribed by Deepgram in the United States. EU, India, and Australia customers choose whether to enable that channel; non-voice application data continues to run in the cloud and region you chose at install. The sub-processor table below has the specific scope.
Long-form prose your security and privacy team can read end-to-end.
Data residency, processor role, transfer mechanisms, controller obligations.
Provider versus deployer roles, risk classification, high-risk obligations.
Significant data fiduciary, in-country residency, breach notification.
Privacy Act, in-country deployment, government data hosting standards.
| Sub-processor | Purpose | Region |
|---|---|---|
| AWS | Compute, storage (AWS deploys) | Customer's |
| Azure | Compute, storage (Azure deploys) | Customer's |
| Anthropic | Optional (Claude) | Customer's |
| OpenAI | Optional (GPT-4o) | Customer's |
| Deepgram | Voice speech-to-text (only if voice channel enabled) | US |
| Salesforce | Source system (customer's own instance) | Customer's |
Data Processing Addendum, signed. Turn-around typically within 2 business days.
In your own AWS or Azure account, in the region you already chose for GDPR, DPDP, or in-country requirements. There is no replication to Henoyo infrastructure. No copy. No mirror. Data residency matches whatever your existing Salesforce, Microsoft Dynamics, or database deployment already honours.
No. The Henoyo team has no standing access to any customer tenant. Your Salesforce OAuth tokens live in your own AWS Secrets Manager or Azure Key Vault. The runtime container executes under your IAM. Support access, if needed, is granted by you, logged in the audit trail, and revoked at will.
Henoyo is designed to run in AWS and Azure regions used by customers pursuing SOC 2, ISO 27001, HIPAA, and equivalent frameworks. Because the software runs inside your perimeter, your existing controls can continue to apply, though any certification attestation depends on your configuration, scope, and review. DPA and BAA are available on request.
Four layers. One, field-level masking via AWS Comprehend on AWS or Microsoft Presidio on Azure, configurable per Prompt and per field. Two, tokenization: structured values are replaced with handles that live 15 minutes in DynamoDB or Cosmos DB. Three, prompt-injection defenses with tool-allowlist enforcement and output validation. Four, an immutable 6-year audit log aligned to FINRA.
You pick. Default options include Amazon Bedrock (Claude, Nova) on AWS and Azure OpenAI (GPT-4o) on Azure. Self-hosted open-weight models are supported where the underlying cloud region supports them. Models are configurable per Agent, so a voice channel can use a faster model while a security-critical Skill uses a more cautious one.
Yes. DPA turn-around is typically within 2 business days. BAA is available for deployments in HIPAA-eligible AWS and Azure regions. Request both from security@henoyo.ai. Henoyo operates as a data processor under GDPR, CCPA, and equivalent regimes.
Deploy in about an hour. Book 30 minutes with our team and we'll walk through the install, your security posture, and your first Skills.