// Trust & Security Report

    H2O.ai logo

    H2O.ai

    Enterprise AI platform for predictive and generative AI with on-premise, hybrid, and managed cloud deployment options. Core products: h2oGPTe (generative AI), H2O Driverless AI (AutoML), H2O LLM Studio (fine-tuning), tabH2O (foundation model), plus open-source H2O-3, Wave, MLOps, Feature Store.

    Certifications held

    3

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    SOC 2 Type 2 - Listed as current certification in Trust Center; HAIC Security Guarantees Model confirms 'SOC 2 Type 2 Certification: Demonstrates effective security controls operating over time'

    Verify on trust.h2o.ai
    HIPAA/HITECH
    HELD

    H2O.ai achieves SOC2 Type 2 + HIPAA/HITECH Report with Unqualified Status

    Verify on trust.h2o.ai
    IRAP (Australian Compliance)
    HELD

    IRAP - Listed as current certification in Trust Center

    Verify on trust.h2o.ai
    > Show 4 unconfirmed / not-held certifications
    FedRAMP
    NOT CONFIRMED

    FedRAMP 'In Process' designation at High Impact Level as of May 14, 2025. NOT full certification/authorization yet. Press release: 'H2O.ai Achieves FedRAMP "In Process" Designation at High Impact Level' - actively undergoing FedRAMP authorization process, not yet authorized.

    source: h2o.ai
    ISO 27001
    NOT CONFIRMED

    Company is pursuing ISO 27001 but has not yet achieved certification. Search results consistently indicate 'pursuing ISO 27001' with no evidence of current certification.

    source: trust.h2o.ai
    ISO 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of ISO 42001 certification. Not listed in trust center or security documentation.

    source: trust.h2o.ai
    CSA STAR (Cloud Security Alliance)
    NOT CONFIRMED

    No public evidence of CSA STAR or CSA STAR for AI certification.

    source: trust.h2o.ai

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Primary processing in US; customers can select data residency options where available. International transfers use EU-U.S. Data Privacy Framework and Standard Contractual Clauses (Module 2).

    Explicit prohibition on customer data use for training. Privacy Policy states: 'Customer-provided input data, metadata, and model data are not used to train H2O.ai AI models, unless explicitly agreed in writing.' DPA further states: 'H2O.ai will not use Customer Data to train, retrain, fine-tune, or improve any artificial intelligence or machine learning models, except solely for Customer's benefit and only where expressly agreed in writing.' No use for advertising, profiling, or cross-customer model training allowed.

    // Security controls

    Encryption in transit

    TLS protocols for data in transit

    docs.h2o.ai

    Encryption at rest

    Industry-standard algorithms for data at rest; encrypted storage for sensitive data

    docs.h2o.ai

    Access Control

    Role-based access control (RBAC) following least privilege principles; Identity integration via Keycloak OpenID Connect (OIDC) for external identity provider integration

    docs.h2o.ai

    Audit & Logging

    Comprehensive audit logging of user activities and access patterns; logs retained up to 3 years

    docs.h2o.ai

    Vulnerability Management

    Code reviews, dependency scanning, license verification, vulnerability scanning, annual penetration testing

    docs.h2o.ai

    Backup & Disaster Recovery

    Automated backups using Velero for Kubernetes resources; access-controlled backup environments; customer-specific RTO/RPO objectives

    docs.h2o.ai

    Data Deletion

    Upon termination, personal data deleted or returned within 30 days at customer request, unless legally required to retain

    h2o.ai

    Subprocessor Management

    Maintained subprocessor list at trust.h2o.ai; customers can object within 30 days on reasonable data protection grounds; unresolved objections allow service termination without penalty

    h2o.ai

    Employee Security Training

    Annual employee security training programs

    docs.h2o.ai

    // Products & data scope

    H2O AI Super AgentGenerative AI / Agents

    data: Customer data processed on-premise, hybrid, or managed cloud per deployment choice

    Enterprise agentic AI platform; achieves 75% accuracy on GAIA benchmark; used by federal government (NIH case study)

    h2oGPTe (Enterprise)Generative AI / LLM

    data: Multi-model LLM support; customer data not used for training without consent

    Secure, enterprise platform for SLMs and LLMs; air-gapped deployment capable; used by AT&T (2X ROI case study)

    H2O Driverless AIPredictive AI / AutoML

    data: Automatic feature engineering on customer data

    Model development acceleration; explainability included; used by Commonwealth Bank Australia (70% fraud reduction)

    tabH2OFoundation Models

    data: Tabular data only; no model training required; no data stored

    CSV-to-predictions foundation model; zero data residency

    Enterprise LLM StudioModel Fine-Tuning

    data: Private data fine-tuning; no training on public data without consent

    SLM distillation and fine-tuning on private data

    H2O-3 (Open Source)ML Platform

    data: On-premise only; 2M+ open-source users

    Open-source AutoML; Python, R, Spark support

    H2O AI Cloud (Managed & Hybrid)Platform-as-a-Service

    data: Fully managed or hybrid cloud; on-premise deployment options

    Unified platform across cloud, on-premise, and hybrid environments; FedRAMP High In Process authorization

    // What to watch

    • FedRAMP status marketing claim: Homepage states 'Airgapped and FedRAMP' but current status is 'In Process' at High level (achieved May 2025), not full authorization yet. This is a minor over-claim in marketing language.
    • Trust center FedRAMP listing shows 'FedRAMP Certified Class D' but latest press release (May 2025) shows 'In Process' at High level. Possible discrepancy between products or outdated trust center listing—recommend verification with H2O for product-specific FedRAMP status.
    • ISO 27001 remains 'pursuing' per search results; not yet certified. Companies often cite 'in pursuit' of certifications in marketing but this should be qualified.
    • AI governance certifications (ISO 42001, CSA STAR) not evident in public documentation. As AI governance standards mature, H2O may pursue these in future.

    // At a glance

    Pricing model

    Subscription-based with managed cloud and hybrid/on-premise options; details require direct contact

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on H2O.ai's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.h2o.ai

    > Browse all vendor trust reports