Skip to main content

Trust

Trust Center

Finn runs regulated voice conversations at scale. Our information security, service management, and quality systems are independently certified and open to verification — the certificate numbers below can be checked directly with the issuing body.

ISO/IEC 27001:2022ISO/IEC 20000-1:2018ISO 9001:2015Live status

Issued by UKBIZ Certification Inc, EUAS-accredited — all three certificates valid through 18 May 2028 and verifiable with the issuing body.

Independently audited

Certifications

Verify with issuer

ISO/IEC 27001:2022

Information Security Management

Certificate
UKBIZ/25D/ISMS/0062
Issued
19 May 2025
Valid through
18 May 2028
Certificate (PDF)

ISO/IEC 20000-1:2018

IT Service Management

Certificate
UKBIZ/25G/ITMS/0061
Issued
19 May 2025
Valid through
18 May 2028
Certificate (PDF)

ISO 9001:2015

Quality Management

Certificate
UKBIZ/25K/QMS/0060
Issued
19 May 2025
Valid through
18 May 2028
Certificate (PDF)

SOC 2 Type II

Audit in progress

Our observation window is underway with A-LIGN, an independent audit firm, with the report expected August 2026. We are not SOC 2 attested today and the report is not yet available for distribution — when A-LIGN completes the audit we will publish it here alongside the certificates above.

On request

HIPAA Business Associate Agreement

For enterprise customers processing PHI. Executed per engagement.

Request via email
On request

Standard Contractual Clauses

Executed copy with completed annexes for EU, UK, and Swiss transfers.

Request via email
On request

ISO 27001 Statement of Applicability

Annex A control detail, shared under NDA.

Request via email

Certified scope. Real-time AI voice agents that handle outbound and inbound calls, automating conversations, bookings, and support with natural, human-like speech and system integrations.

Issued by UKBIZ Certification Inc, accredited by EUAS — Euro Universal Accreditation Systems. Certificates are subject to annual surveillance audits.

Security & data protection

Compliance is the floor, not the ceiling.

Voice is regulated. Healthcare, finance, insurance, legal — Finn was built to run there from day one.

A certified information security management system

Rather than ask you to take our word for it, we point at the audit. Our ISMS is certified to ISO/IEC 27001:2022 for the scope above — the standard whose Annex A controls cover access control, cryptography, operations security, logging and monitoring, supplier relationships, and incident management. Certification was assessed by an independent, EUAS-accredited body and is maintained through annual surveillance audits.

Customers under NDA can request our Statement of Applicability and control detail through their account team.

Data residency

Your workspace's storage region is assigned at provisioning, and call recordings and transcripts come to rest there. Regional separation falls within the scope of our ISO/IEC 27001 certification.

For the region assigned to your workspace, or a written residency attestation for a vendor review, contact [email protected].

Model inference and speech services run on additional providers — see Subprocessors for the full list and the region each operates in.

Encryption in transit and at rest

AES-256 at rest, TLS 1.3 in transit. Recordings, transcripts, PII — all encrypted by default.

Audit trails

Every API call, every config change, every data access — logged, immutable, exportable.

PII redaction

Auto-redact card numbers, SSNs, account IDs from transcripts. Custom regex for industry-specific patterns.

Role-based access

Granular permissions per user, per workspace. SSO via SAML or OIDC. SCIM provisioning for enterprise.

Beyond the certifications

Regulatory posture

The platform is built and operated around the regimes below. These are obligations we design for — distinct from the independently audited certifications above.

GDPR / ePrivacy

European Union & EEA

DPDP Act 2023

India

HIPAA

United States — BAAs available for PHI workloads

TRAI & RBI

India — telecom and financial communication

TCPA / FTC TSR

United States — telemarketing

Responsibility for consent, call intent, and audience sourcing sits with the customer. Our Consent & Legal Guidance sets out what that means in each region.

Reliability

System status

All systems operational

Monitored externally since 18 Jul 2026 · updated live

www.hirefinn.ai

100%

Uptime · since monitoring began

Get in touch

Security contact

Report a security concern

If you believe you've found a vulnerability, email [email protected] with steps to reproduce, affected endpoints, and any supporting detail. We investigate every report and respond directly. Please give us a reasonable window to remediate before any public disclosure.

Security review or vendor onboarding

For security questionnaires, DPAs, company registration details, or documentation not published here, contact [email protected].

AIforge Tech Private Limited · CIN U62099RJ2025PTC099494 · Jaipur, Rajasthan, India

Get started

Hire Finn and scale with confidence.

Move from idea to live voice automation — securely, reliably, and without operational risk.

Book a Demo

Fort-nightly Launches

We move quickly and get you what you need

Powerful Tools

Pre-built dashboards, reports, automations, more