// Trust & Security Report

    Jio Haptik Technologies Limited logo

    Jio Haptik Technologies Limited

    Enterprise conversational AI platform with specialized agents for customer service, sales, voice, booking, and lead qualification. Sub-brands include Contakt (gen AI customer experience suite) and Interakt (WhatsApp business messaging).

    Certifications held

    15

    Maturity

    Enterprise

    Trains on your data

    Yes

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO 27001:2022
    HELD

    Haptik diligently follows ISO/IEC 27001:2022 framework for establishing, implementing, and maintaining both physical & technical controls. Encompasses all 93 controls outlined in the ISO 27001:2022 standard.

    Verify on haptik.ai
    ISO 27001:2013
    HELD

    Haptik trust center lists 'ISO/IEC 27001:2013' among its certifications (superseded by the 2022 version, which is also listed).

    Verify on trust.haptik.ai
    ISO 27701
    HELD

    Haptik trust center lists 'ISO/IEC 27701' (Privacy Information Management System) among its certifications.

    Verify on trust.haptik.ai
    ISO 42001:2023
    HELD

    Haptik trust center lists 'ISO/IEC 42001:2023' among its certifications (AI management system).

    Verify on trust.haptik.ai
    HIPAA
    HELD

    Haptik is now HIPAA (Health Insurance Portability and Accountability Act) compliant and ready to serve Healthcare use-cases across the globe, especially in the US. (Blog notes the compliance was assessed by BDO; HIPAA is also listed on the trust center.)

    Verify on haptik.ai
    GDPR
    HELD

    Haptik's platform complies with GDPR. Data Protection Officer (DPO) appointed. Data Processing Addendum (DPA) available for lawful data transfers. Quarterly internal audits covering GDPR standards.

    Verify on haptik.ai
    CCPA
    HELD

    Haptik's platform complies with CCPA. Does not sell, trade, or transfer personal information to outside third parties as defined under CCPA.

    Verify on haptik.ai
    CPRA
    HELD

    Haptik trust center lists 'CPRA'; homepage states the platform 'complies with ISO, GDPR, CCPA, CPRA, CyberGRX, and FIPS 140-2.'

    Verify on trust.haptik.ai
    PDPA (Singapore)
    HELD

    Haptik trust center lists 'PDPA' among its certifications.

    Verify on trust.haptik.ai
    LGPD (Brazil)
    HELD

    Haptik trust center lists 'LGPD' among its certifications.

    Verify on trust.haptik.ai
    FIPS 140-2
    HELD

    Encryption algorithms used are FIPS 140-2 compliant. AES-256 encryption used for data at rest.

    Verify on haptik.ai
    NIST SP 800-53
    HELD

    Policies, procedures, and standards based on NIST SP 800-53 guidelines.

    Verify on trust.haptik.ai
    NIST 800-171 Rev. 2
    HELD

    Haptik trust center lists 'NIST 800-171 Rev. 2' among its frameworks.

    Verify on trust.haptik.ai
    NIST Cybersecurity Framework (CSF)
    HELD

    Haptik trust center lists 'NIST CSF' among its frameworks.

    Verify on trust.haptik.ai
    NIST AI Risk Management Framework
    HELD

    Haptik trust center lists 'NIST AI RMF' among its frameworks.

    Verify on trust.haptik.ai
    > Show 4 unconfirmed / not-held certifications
    SOC 2 (Type 1 or 2)
    NOT CONFIRMED

    No public evidence. SOC 2 is NOT listed on Haptik's official trust center despite being claimed in some marketing materials and third-party comparisons. Trust center confirms 16+ certifications but SOC 2 is absent.

    source: trust.haptik.ai
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification found on vendor domain.

    CSA STAR
    NOT CONFIRMED

    No public evidence of CSA STAR certification found on vendor domain.

    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization found on vendor domain.

    // Privacy & AI training

    Trains on customer data

    Yes

    Data processing agreement

    Offered

    Data region

    Data processed in India. Cloud infrastructure on AWS and Azure. Data Processing Agreements available for international transfers.

    Haptik states 'All the data we store and the process is only used for the purpose of improving our customer's virtual assistants.' Search results indicate 'every customer interaction, the AI becomes more adept.' When models are retrained, they use 'appropriately anonymized data that cannot be reverse-engineered to identify individuals.' Data collected for one purpose cannot be repurposed without explicit permission. Haptik's NLU was trained on 3 billion+ consumer data points. However, explicit opt-out mechanism for model training not mentioned in public documentation.

    // Security controls

    Data Encryption at Rest

    AES-256 encryption, FIPS 140-2 compliant algorithms

    haptik.ai

    Data Encryption in Transit

    SHA-256 HTTPS certificates

    haptik.ai

    Data Masking

    Automatic masking of sensitive entities (PAN, policy numbers, etc.) with AES-256 encryption. Customers can mark additional fields as personal data for automatic masking.

    haptik.ai

    Vulnerability Assessment & Penetration Testing

    CREST-certified independent third party conducts quarterly VAPT. CERT-In empanelled organizations conduct assessments.

    haptik.ai

    Uptime & Availability

    99.9% uptime guarantee with 24/7 incident response team

    haptik.ai

    Access Controls

    Stringent access controls with monthly access reconciliation to prevent unauthorized permissions

    haptik.ai

    Security Training

    Monthly, quarterly, and yearly staff training on data handling, confidentiality, and integrity

    haptik.ai

    Data Protection Officer

    Dedicated DPO for managing privacy complaints and security protocols

    haptik.ai

    Third-Party Audits

    Regular audits by BDO India LLP, KPMG, and SISA. Findings reviewed by Information Security Steering Committee with senior management.

    haptik.ai

    Security Scorecard Grade

    A grade

    trust.haptik.ai

    Qualys SSL Labs Grade

    A+

    trust.haptik.ai

    Security Headers Grade

    A

    trust.haptik.ai

    // Products & data scope

    AI Support AgentCustomer Service

    data: Customer support conversations, FAQs, knowledge bases

    Streamlines support without pre-built journeys. Handles omnichannel engagement (Web, Chat, Voice). 99% improvement in first response time claimed.

    AI Sales AgentSales

    data: Product catalog, customer interactions, purchase data

    Provides smart recommendations using product catalog insights. Multi-step actions capability.

    AI Voice AgentVoice Communications

    data: Phone call conversations, voice data, intent detection

    Advanced intent detection, context-aware responses, multilingual (100+ languages). Dynamic call routing.

    AI Booking AgentHospitality/Travel

    data: Booking requests, customer preferences, availability data

    Drives bookings and reservations. Integration with scheduling systems.

    AI Lead Qualification AgentLead Generation

    data: Lead information, qualification criteria, contact data

    Captures qualified leads for personalized engagement.

    AI Agent BuilderPlatform

    data: Enterprise knowledge base (PDFs, DOCX, PPTX, CSVs, websites)

    Flexible model selection (GPT, Llama, Claude). Fine-tuning on enterprise knowledge base. Multiple RAG systems for accuracy.

    Smart Agent ChatPlatform

    data: Chat interactions, escalation data

    Omnichannel agent inbox. Seamless handoff to human agents. Integration with live chat tools.

    Agent Analytics / Insights AgentAnalytics

    data: Agent performance data, user sentiment, SOP compliance metrics

    Custom dashboards, trend identification, first-time resolution metrics, NPS tracking.

    ContaktPlatform

    data: All customer interaction data across channels

    Gen AI customer experience suite integrating all Haptik agents and capabilities.

    // What to watch

    • SOC 2 NOT SUBSTANTIATED: SOC 2 does not appear on Haptik's trust center or homepage. SOC 2 is sometimes attributed to Haptik in third-party comparison sites, but no evidence of SOC 2 was found on any Haptik-owned page. Do not list SOC 2 without direct vendor confirmation.
    • CyberGRX MISCHARACTERIZATION: Homepage claims compliance with 'CyberGRX' as if it were a compliance standard. CyberGRX is actually a third-party vendor risk assessment platform, not a compliance standard. Haptik likely means they respond to CyberGRX assessments, not 'comply with CyberGRX.'
    • ISO 27001 VERSION: The trust center lists both ISO/IEC 27001:2013 and ISO/IEC 27001:2022, and the enterprise-security ISO 27001 page header references 2013 while its body references the current 2022 version. The 2022 version is current; treat 2022 as the operative certification.
    • DATA TRAINING AMBIGUITY: Privacy policy states data is used 'to improve our customer's virtual assistants' but does not explicitly confirm AI model training. Search results suggest ongoing training on customer interactions with anonymization. Official documentation should clarify whether this constitutes model training and provide explicit opt-out options.
    • LIMITED VENDOR CONTROL ASSERTION: While Haptik is positioned as 'data processor,' customers should verify ownership and control of training data used for model improvement, especially regarding feature interactions across customers.
    • COMPLIANCE DISCLOSURE GAP: Homepage lists fewer than half of Haptik's actual certifications (mentions 'ISO, GDPR, CCPA, CPRA, CyberGRX, FIPS 140-2'), while trust center shows 16+ formal certifications including ISO 42001, HIPAA, multiple NIST frameworks, PDPA, LGPD, etc. Marketing materials significantly understate compliance posture.

    // At a glance

    Pricing model

    Enterprise SaaS with usage-based and fixed pricing tiers. Custom pricing for large deployments. Free trial available.

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Jio Haptik Technologies Limited's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.haptik.ai

    > Browse all vendor trust reports