
Security Overview

Written by Danielle Heffernan

Hero is the AI Sales Teammate built by Vivun, Inc. It prepares sellers before meetings, supports them in real time during live conversations, and handles follow-through the moment a call ends: all without ever compromising the integrity or confidentiality of your data. Security, privacy, and compliance are built into every layer of the platform, so your revenue team can move at full speed while your security team stays in control.

For copies of certificates, audit reports, and compliance documentation, visit the Vivun Trust Center.


Security Compliance & Certifications

| Category | Capability | Description | Learn More |
| --- | --- | --- | --- |
| AI Management System | ISO 42001:2023 | Hero's AI systems are governed by a formal AI Policy covering every technology Vivun develops, integrates, or deploys. ISO 42001 validates Vivun’s organizational AI governance, ethical AI system design, responsible AI use, trusted data practices, and AI risk and impact assessment processes. | Download Vivun’s ISO 42001 certificate from the Trust Center. |
| Security Validations | ISO 27001 Certificate | ISO 27001 is the leading international standard for Information Security Management Systems (ISMS). Vivun has achieved ISO 27001 certification, independently audited and renewed annually. | Download Vivun’s ISO 27001 certificate from the Trust Center. |
| Security Validations | SOC 2 Type I Report | Vivun has achieved SOC 2 Type I certification. An independent auditor has evaluated the design of our security controls against the AICPA Trust Service Criteria covering security, availability, and confidentiality. | Download Vivun’s SOC 2 reports from the Trust Center. |
| Security Validations | SOC 2 Type II Report | Vivun maintains a SOC 2 Type II certification. The independent assessment affirms Vivun’s commitment to the operational effectiveness of the security controls over time. Audits are conducted annually. | Download our SOC 2 reports from the Trust Center. |
| Security Validations | Penetration Test | Vivun obtains independent validation of platform security through external third-party penetration tests conducted at least annually. | Executive summaries are available via the Trust Center. |
| Privacy & Compliance | GDPR | Hero is fully GDPR compliant. We assist customers in understanding how Hero features and functionality may affect their GDPR compliance obligations. Vivun acts as a data processor on behalf of customers, under the terms of our Data Processing Addendum. | |
| Privacy & Compliance | CCPA | Hero is compliant with the California Consumer Privacy Act of 2018, securing privacy rights for California consumers and providing customers with appropriate controls over personal data. | |


Data Security

| Capability | Description |
| --- | --- |
| Data Encryption | Customer data is encrypted in transit using TLS and at rest using AES-256. |
| Data Storage | All customer data is stored in geographically diverse AWS data centers within the United States. |
| Data Segregation | Customer data is logically segregated within Hero's multi-tenant architecture, consistent with enterprise SaaS best practices. Each customer's data is maintained separately and inaccessible to other tenants. |
| Data Retention | Data retention is governed by Vivun’s online terms and Master Service Agreement. |
| Data Deletion | Customers may request deletion of their data at any time by contacting [email protected]. Vivun will fulfill deletion requests in accordance with applicable data protection laws and the terms of the Data Processing Addendum. |
| AI Training Restrictions | Your data is never used to train any third-party AI model. |


Identity Management & Access Controls

| Capability | Description |
| --- | --- |
| Role-Based Access Control (RBAC) | Hero enforces multi-layered access control with role-based permissions and least-privilege enforcement. Access to customer data by Vivun personnel is restricted to authorized individuals on a need-to-know basis. |
| Least Privilege | All internal access to customer data follows a least-privilege model. Access by Vivun personnel is limited strictly to what is necessary to operate, maintain, and improve the service. |
| End User Provisioning | Customer administrators control provisioning and de-provisioning of end users. Customers are responsible for managing access to Hero within their organization in accordance with the Master Subscription Agreement. |
| Session & Credential Management | Hero credentials and session controls are managed in accordance with Vivun's security policies. |


Logging & Monitoring

| Capability | Description |
| --- | --- |
| Real-Time Threat Monitoring | Vivun operates real-time threat monitoring with robust incident response processes across the Hero platform. |
| Audit Trails | Audit trails are maintained for technical and legal review. Architectural and data flow diagrams are available to customers via the Vivun Security Portal. |
| Incident Response | In the event of a security breach affecting customer personal data, Vivun will notify the affected customer without undue delay, take reasonable steps to mitigate harm, and provide reasonable assistance in responding to any regulatory or data subject obligations. |


Infrastructure & Business Continuity

| Capability | Description |
| --- | --- |
| Cloud Hosting | Hero is a SaaS application hosted on AWS. |
| Data Backups | Vivun conducts regular backups of customer data to ensure platform resilience and the ability to recover data in the event of an outage. |
| Uptime & Availability | Hero is built to enterprise availability standards. |


Privacy & Compliance

| Capability | Description | Learn More |
| --- | --- | --- |
| Data Processing Addendum (DPA) | Vivun's DPA governs the processing of customer personal data and is incorporated into the Master Subscription Agreement. It reflects the obligations of both parties under GDPR, CCPA, and other applicable data protection laws. | |
| Privacy Policy | Vivun's Privacy Policy describes how we collect, use, and disclose information in connection with our services. | |
| Sub-Processors | Vivun maintains a list of authorized sub-processors engaged to support delivery of the Hero platform. Enterprise customers may opt into notifications for changes to the sub-processor list by contacting [email protected]. | |
| Right to Erasure / Data Subject Requests | Hero is compliant with GDPR and CCPA requirements for the right to be forgotten. Data deletion requests may be made by contacting [email protected]. Vivun will provide reasonable assistance to customers in responding to data subject access requests. | Contact Legal |
| Standard Contractual Clauses (SCCs) | For international data transfers, Vivun implements appropriate safeguards including EU Standard Contractual Clauses and UK SCCs where applicable, in accordance with our DPA. | |
| AI Governance | Hero's use of AI is governed by a formal AI Policy. Audit trails are maintained for AI system operations and are available for technical and legal review. Vivun does not use customer data to train third-party AI models. | |


Vulnerability Management & Application Security

| Capability | Description |
| --- | --- |
| Vulnerability Management | Vivun maintains a robust vulnerability remediation and patch management program, validated through the annual SOC 2 and ISO audits. |
| Responsible Disclosure Program | Vivun operates a Responsible Vulnerability Disclosure Program. Security researchers may submit findings in accordance with the program terms. |
| Third-Party Penetration Testing | External penetration tests are conducted by independent third parties regularly. Executive summaries are available to customers via the Hero Security Portal. |
