Trust Center

GoodHelp Constitution

Your GoodHelp Constitution is the rules your agents work by — and the proof they followed them. This Trust Center is where you inspect both: a tamper-evident record of what every AI agent did, why, and on whose authority. The eight controls below are the load-bearing pieces — the rules on one side, the proof on the other.

The rules your agents work by

What each agent is configured to do — which tools, on whose authority, and with what data — checked server-side at decision time. All shipped today.

ControlHow it worksStatus
Per-agent runtime policiesEach agent runs against a declarative policy: allow-listed tools, per-run cost cap, external-comms allow-list, and approval gates. Policy violations short-circuit the tool call before any side effect.Shipped
Separation-of-duties (SoD) approvalsSensitive agent changes require a second-party approval. The OWNER/ADMIN who edited the agent cannot also approve the change, enforced server-side at decision time.Shipped
PII redactionA regex-based redactor runs at audit-log write time on the recorded action parameters and outcomes, so detected SSNs, account numbers, and free-text PII are replaced with type-preserving placeholders in your tamper-evident log and evidence exports. Coverage follows your compliance profile — the Regulated Industry profile forces it on and extends it to email and phone.Shipped
Compliance profile flipSwitching an org to the Regulated Industry profile raises retention to 7 years, forces PII filtering ON, and pins the audit signing version. The flip is itself an audit event.Shipped

The proof they followed them

A tamper-evident record of what every agent actually did, why, and on whose authority — yours to inspect, export, and verify offline. All shipped today.

ControlHow it worksStatus
Tamper-evident audit logEvery agent action is appended to a per-org hash-chained audit log rooted in a Google Cloud KMS-managed signing key. Any retroactive edit breaks the chain and is detectable by replay.Shipped
KMS-rooted signingAll audit signatures derive from a Cloud KMS-managed signing key. Key rotation is supported and previous signature versions remain verifiable indefinitely against archived public material.Shipped
Evidence exportOWNERs can export a signed evidence pack for any date range — JSON manifest plus body (CSV/TSV/JSON), KMS-rooted signing key — suitable for auditor handoff or regulator request. Verify offline with the published public key.Shipped
Retention sweepRuns daily. Enumerates records past the org’s retention horizon and logs every action to the ledger. Defaults to dry-run per-org; flip to live-delete is operator-controlled and itself logged with a tombstone entry once enabled.Shipped

What we do not claim

Honest > shiny. Where we don't yet have the certification or the property, we don't claim it.

  • ❌ CMMC
  • ❌ FedRAMP
  • ❌ ITAR
  • ❌ GovCloud
  • ❌ SOC 2 (in progress; not certified)
  • ❌ DCAA-certified
  • ❌ "Immutable" (we say tamper-evident)
  • ❌ "Blockchain" (we say hash-chained, append-only)

Stripe & PCI posture

Payments are processed via Stripe Checkout. Cardholder data (PAN) never touches our infrastructure; Stripe Checkout handles the entire card-capture surface. We hold a Stripe customer id and a subscription id, nothing more.

Regulatory posture

DCAA-aligned controls. Not DCAA-certified — we map our controls to DCAA requirements. If your contracting officer or prime needs a specific control mapping, our compliance team can share the current crosswalk on request.

Subprocessors

The third parties that touch customer data in the course of normal operations.

VendorUse
GCPPrimary cloud, KMS, storage, Firestore.
Temporal CloudWorkflow orchestration.
AnthropicClaude family models.
OpenAIGPT family models.
FirebaseAuth + client-side state for the admin app.
StripePayments (Stripe Checkout; no PAN on our infra).
SendGridTransactional and inbound email.
MercuryCustomer banking integrations (read-only via OAuth where used).

Contact

Security reports, compliance questions, and auditor crosswalk requests all reach our security team.

Last reviewed against the shipped product: June 14, 2026