# What’s Hummingbird’s security and data management policy?

Security is paramount at Hummingbird. We store Suspicious Activity Reporting (SAR) case data on a Virtual Private Cloud (VPC) hosted on Amazon Web Services. We are Service Organization Control (SOC) 2 Type II certified and have large financial institutions using the platform, having passed extensive due diligence audits for very large organizations. We also provide prospective customers with an extensive InfoSec package under a non-disclosure agreement (NDA).

The [security section](https://hummingbird.co/security/) of our website provides more detail on our security practices and procedures. If you’d like to review our policy documents and certification reports, please reach out to our team at <support@hummingbird.co>.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.hummingbird.co/general/whats-hummingbirds-security-and-data-management-policy.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.