Skip to main content

Security at Henchman

Security is our top priority

Henchman employs best-in-class procedures and practices to ensure that your data remains private, secure, and compliant.

Security badges

World Class Security

  1. Secure user and contract data

    Henchman’s user and contract data is protected by AES-256, the industry-standard encryption algorithm. Additionally, strict identity and access management policies (such as single sign-on and two-factor authentication) ensure client data remains protected at all times.
  2. Privacy by design

    Henchman was designed for GDPR in partnership with Deloitte. Our GDPR trajectory has been thoroughly reviewed – resulting in the creation of a well-defined set of deliverables that are future proof when it comes to data privacy.
  3. Compliance

    Leading international standards for information security management? No problem! All infrastructure, people, and technologies critical to the confidentiality, integrity, availability, and privacy of all data managed by Henchman is both SOC 2 compliant and ISO 27001 certified.
  4. Risk Management

    Not only does Henchman run a company-wide risk management program based on the SOC 2 and ISO 27001 standards – we also partner with leading vendors to go above and beyond: from running internal, educational phishing programs to continuous penetration testing.
  5. Reliance

    Henchman’s services are built on industry-leading technologies such as Amazon Web Services (AWS) to ensure the highest grade security of client data and best-in-class scalability. We pride ourselves in our uptime (99.99% in the last year).
  6. Your data remains private

    Given the sensitive nature of legal data, our data centers only store text snippets (no entire contracts). Further, we don’t allow any AI technologies associated with our add-on (eg. Azure OpenAI Service) to store nor use any (customer) data.

Our platform is built with data access,
integration, customization, and security in mind.”

Wouter Van Respaille
Co-founder & CTO at Henchman

Frequently asked security questions

General & security

  • How can I learn more about how Henchman integrates with DMS systems?

    We integrate with a broad variety of contract databases in a true plug and play fashion. Each integration is designed to eliminate any manual setup or maintenance required – allowing you to realize more value from their IT investments as soon as possible.

  • What happens when a customer connects their contract database to Henchman?

    This is bespoke to every Document Management System (DMS) Henchman integrates with. Depending on the customer’s preference, we’re capable of analyzing either the whole database or just a subset – and can take over user permissions and add custom filter sets as the customer sees fit.

  • Can I set up Henchman so users will have to authenticate through SSO?

    Absolutely! We allow customers to log in with their existing Google or Microsoft account via Single sign-on. It’s simple and secure! This also allows you to set up two-factor authentication if desired.

  • Language agnostic: how does it work?

    Due to the nature of our technical set up, Henchman is equally performant in all languages. Our solution is perfectly capable of extracting, categorizing, and surfacing clauses and definitions regardless of language. Furthermore, we can enrich clauses with additional data for future reference.

  • What makes Henchman’s processor so unique?

    Some call it magic, others say our developers did an amazing job. Our state-of-the-art solution revolutionizes contract analysis by effortlessly extracting and categorizing important information. Instantly get your clauses and definitions grouped, ranked, and enriched with additional data. This, in combination with the fact that we easily integrate with the most used contract databases, makes Henchman the go-to no-setup contract drafting solution.

  • Does Henchman store my company's data for training purposes?

    No. As we take pride in our security and privacy don’t allow the technology behind our AI Clause Assistant* (eg. Azure OpenAI Service) to store or use any (customer) data for training purposes.

    Henchman’s product offering leverages its own data centers for secure hosting, with the exception of the AI Clause Assistant. This module uses both self-hosted technology, as well as Microsoft Azure’s OpenAI Service for its GPT-based capabilities. Microsoft Azure’s EU-based datacenters are GDPR-compliant, ensure high availability and scalability on demand.

    That said, given the sensitive nature of legal data, our data centers only store text snippets (not entire contracts). Further, we don’t allow any AI technologies associated with our add-on (eg. Azure OpenAI Service) to store nor use any (customer) data for training purposes.

    *Also note that Henchman’s AI Clause Assistant is an add-on on top of Henchman’s base package. For more information, please contact sales.

  • How can I get a hold of Henchman’s Data Processing Agreement (DPA)?

    Please contact sales for more information on our DPA.

The ultimate
drafting workflow