Trust & Security

Built to be trusted with regulated data

Your data stays in your own account, Hughes holds no write keys, and every action is drafted for your team to commit — audited end to end. Built for credit unions, their auditors and their examiners.

Data handling

Additive, and yours to control

Hughes runs in your own account and reads only what it needs. Anything that changes your systems, your team commits — Hughes holds no write keys.

Your cloud

Your data stays in your account

Hughes runs against your own Snowflake — your data never moves to ours. No centralise-and-lock-in.

No write keys

We draft; you commit

Hughes reads your data and drafts every correction with its audit trail. Your team commits it in the systems they already control — e-OSCAR and your core. Hughes never writes to your systems of record.

Demo

No member data in the demo

The public demo runs entirely on synthetic data for a fictional credit union. No real member or account data is used.

Access & controls

Least privilege, by construction

The guardrails aren't policies you have to trust us to follow — they're built into how the system runs.

Read-only role

SQL runs under a database role that has no write permission. Destructive operations are not possible at the role level.

Parameterised queries

Queries are parameterised, not string-built — closing off injection by construction, enforced in the build.

Human-in-the-loop

In Disputes, every AI recommendation gates behind an explicit human sign-off. Nothing actions itself.

Scoped & reviewable

Access is scoped per workflow and reviewable with your team — no opaque permissions behind glass.

Auditability

Every step, on the record

If you can't reproduce it, you can't defend it. Hughes is built so every answer and every decision has a paper trail.

Append-only

Every query logged

Each query and each dispute decision writes an append-only audit row — including the AI's reasoning and the human's sign-off.

Reproducible

Reconstructable from the log

Every answer and disposition can be reproduced from its log entry alone — the same input gives the same, traceable result.

Exportable

Exam-ready exports

The trail is exportable for your auditors and examiners. (See how this shows up in a case on the Disputes page.)

Certifications

Engineered to certify

SOC 2 Type II

SOC 1

ISO 27001

ISO 27701

PCI DSS

CSA STAR

Every certification credit unions expect of a vendor is on our roadmap.

Bring your security team to the table.

Request early access and we'll set up a working session with your information-security and vendor-risk teams.

Request early access See how trust shows up in the product