Security

Built for tenant-isolated sales intelligence.

A concise overview of how Thread protects prospect, deal, CRM, AI, and generated-content data. Last updated June 11, 2026.

Our posture

Thread is designed for teams that want to prospect, prepare, coach, and manage active pipeline without leaking customer data. Our security posture is built around strict tenant isolation, least privilege, auditable automation, and explicit boundaries for AI and integrations.

Data protection

Tenant-owned records are isolated by organisation, encrypted in transit and at rest, and protected by role-based access controls. Privileged access is checked before tenant data is read or changed, and sensitive actions require an authorised user in the correct organisation.

Team learning stays inside the customer’s tenant. Lessons from won/lost deals, practice runs, and buyer-map activity can help your team, but do not become another customer’s data.

CRM and AI boundaries

HubSpot connections use OAuth. Thread stores the connection only after a tenant admin authorises it, and import runs remain auditable. Rows marked as conflicts, duplicates, or needing review stay out of the write path until an authorised user resolves them.

Thread uses business-grade AI model providers for generation, classification, and coaching workflows. Customer data sent to model providers is governed by business API terms that prohibit training general-purpose models on your data where available. We do not send tenant data to free or community-tier APIs.

Prompt context is tenant-scoped. Sales collateral, briefs, practice coaching, buyer-map suggestions, and outbound drafts are generated from the tenant’s configured ICP, offerings, prospect research, and deal context. Heft IQ-specific positioning is not used for another tenant’s collateral by default.

Trust center

Heft IQ uses Vanta to maintain our trust center and security evidence. You can review our current posture, policies, and available artifacts in the Heft IQ Trust Center. Detailed subprocessors, policies, and security artifacts live there rather than on the public website.

Contact and vulnerabilities

Security questions, review requests, or vulnerability reports:security@heftiq.com. We’ll acknowledge vulnerability reports within one business day and keep you posted as we triage.

Security · Thread