Overview

Eden protects customer data with tenant-scoped access, TLS encryption in transit, AES-256 encryption at rest through our infrastructure providers, restricted AI data-handling options, reviewed production changes, and a documented vendor and deletion process.

Documents

Security and compliance documentation:

Compliance
Security overview (available on request)
Data-flow inventory (available on request)
Operating checklists
Vendor register (available on request)
Customer offboarding checklist (available on request)
Public
Privacy Policy
Terms of Service

Subprocessors

Third-party subprocessors Eden works with:

Amazon Web Services (AWS)
Amazon Web Services (AWS) is a cloud platform offering compute, storage, database, analytics, security, and other infrastructure services from data centers globally.
Anthropic
Anthropic is an AI safety and research company developing reliable, interpretable, and steerable AI systems, including the Claude family of large language models.
Cloudflare
Cloudflare provides connectivity, security, performance, object storage, and edge infrastructure services for Internet applications.
Deepgram
Deepgram is an AI speech platform providing speech-to-text, text-to-speech, and voice intelligence APIs for developers.
ElevenLabs
ElevenLabs is an AI audio research and deployment company providing voice generation, text-to-speech, and speech tooling.

Controls

Security and compliance controls:

Unique production database authentication enforced
The company requires authentication to production datastores to use authorized secure authentication mechanisms, such as a unique SSH key.
Encryption key access restricted
The company restricts privileged access to encryption keys to authorized users with a business need.
Unique account authentication enforced
The company requires authentication to systems and applications to use a unique username and password or authorized Secure Shell (SSH) keys.
Production database access restricted
The company restricts privileged access to databases to authorized users with a business need.
Production network access restricted
The company restricts privileged access to the production network to authorized users with a business need.
Remote access MFA enforced
The company's production systems can only be remotely accessed by authorized employees possessing a valid multi-factor authentication (MFA) method.
Remote access encrypted enforced
The company's production systems can only be remotely accessed by authorized employees via an approved encrypted connection.
Data encryption utilized
The company's datastores housing sensitive customer data are encrypted at rest.
Data transmission encrypted
The company uses secure data transmission protocols to encrypt confidential and sensitive data when transmitted over public networks.

FAQ

Do you use customer data to train models?
No. Eden does not use customer data to train models by default, and works with AI providers under commercial terms designed for business data handling.
Where is data hosted?
Eden is hosted on cloud infrastructure providers, with application hosting, database, and object storage managed by approved subprocessors. Customer data is primarily stored in Eden-controlled application databases and private object storage. See Subprocessors for the current vendor list.
Who can access customer data?
Customer data is scoped by organization. Production access is limited to authorized Eden personnel who need access for support, debugging, security, or operations. Sensitive assets such as recordings and attachments are accessed through private or signed access flows rather than public buckets.
How do you handle AI vendors?
Eden uses commercial AI provider routes for model, voice, and evaluation features. Customer data is not used to train models by default. For approved customers, restricted data handling can limit sensitive tracing, model/provider routing, web search, integrations, and voice-provider exposure.
Can you sign a DPA?
Yes. Eden can review and sign a Data Processing Addendum for customers that require one as part of procurement or security review.
Can we request deletion?
Yes. Customers can request deletion or offboarding by contacting security@edenhq.com. Eden's deletion process covers core application records, stored files, recordings, integration tokens, and related operational systems, subject to legal, security, and backup-retention requirements.
How is access to customer data controlled?
Customer data is scoped by organization, production access is limited to authorized personnel, and sensitive assets are served through private or signed access flows.
Do you support restricted data handling?
Yes, for approved customers. Restricted handling limits sensitive AI tracing and narrows approved provider, integration, and model routes.
Do you have SOC 2?
Not yet. Eden's security program is organized around the SOC 2 Security and Confidentiality criteria, and we maintain operating controls for access, change management, vendor review, data handling, incident response, and continuity. We can share current security materials during customer review.
Do you support SSO?
Not yet. Eden supports standard account authentication today and can discuss SSO requirements with customers during security review.