Hera AI Motion Graphics Creator - LogoStart creating with Hera

Security

Security practices for teams reviewing Hera

Hera is an AI motion graphics platform that processes prompts, uploaded assets, project data, and generated outputs. This page summarizes the security practices we can share publicly today and the compliance work we are preparing.

Data protection

  • Hera uses HTTPS/TLS for browser connections to the service.
  • Customer content is used to provide the requested service and render outputs.
  • Customer uploaded assets and user content are not used for model training unless Hera receives explicit prior consent.

Access control

  • Production access is limited to authorized personnel and services with a business need.
  • Administrative access is reviewed as part of security operations.
  • Credentials and secrets are managed separately from source code.

Application security

  • Code changes are reviewed before release.
  • Production deployments use managed infrastructure and environment separation.
  • The public website applies security headers including frame denial and content type protection.

Monitoring and response

  • Security issues can be reported to [email protected].
  • Hera investigates suspected unauthorized access and will notify affected customers when required by law or contract.
  • Incident response documentation is part of the SOC 2 readiness roadmap.

Compliance status

Hera's SOC 2 readiness work is in progress. Hera does not currently have a SOC 2 report and will only publish SOC 2 claims after an independent audit has been completed.

Current answer

If your procurement checklist asks whether Hera is SOC 2 certified, the accurate answer is no. Hera can still provide current security documentation and discuss compensating controls during enterprise review.

Enterprise questions

Frequently requested security answers

Do you train AI models on customer content?

No. Hera does not use customer uploaded assets, media, or user content for machine-learning model training or dataset creation unless we receive explicit prior consent.

Can we review a DPA?

Enterprise customers can request data processing terms during procurement. The public data processing practices page summarizes the core positions.

Do you publish a subprocessor list?

Hera does not publish the subprocessor list publicly. Qualified enterprise customers can request the current list during review.

Where should security issues be reported?

Send security and privacy questions to [email protected] with enough detail for Hera to investigate.

Need a questionnaire response?

Send the questionnaire and any required evidence requests. We will respond based on current controls and clearly mark any items that are roadmap or not yet available.

Contact security