Vendor Risk Management Policy
How HookPilot vets, contracts with and monitors sub-processors and vendors.
1. Scope
This policy covers every third party that processes HookPilot Caption Studio LLC customer data or that touches the HookPilot AI Workforce Operating System — hosting providers, AI model providers, payment processors, analytics, email, error monitoring, customer support tooling, and anyone with access to production credentials.
2. Risk Tiers
- Tier 1 — Critical. Processes Customer Content or PII at scale (hosting, primary AI model providers, payment processor, primary identity provider).
- Tier 2 — Important. Operational telemetry, error monitoring, customer support, sub-AI providers used for narrow tasks.
- Tier 3 — Limited. Marketing tooling, devops side-services, business tools with no Customer Content.
3. Onboarding Review
- Security questionnaire (SIG-Lite or CAIQ).
- Latest SOC 2 / ISO 27001 / equivalent attestation where available.
- Privacy review for data categories the vendor will see.
- DPA, SCCs (and UK IDTA where applicable) signed before go-live.
- Penetration test evidence for Tier 1 vendors.
- Business continuity / disaster recovery posture review.
4. Contractual Minimums
- Confidentiality at least as strong as our NDA.
- Data Processing Addendum specifying purpose, instructions, retention and deletion.
- Standard Contractual Clauses for cross-border transfers from the EEA / UK / Switzerland.
- Security incident notification ≤72 hours; assistance with HookPilot's notification obligations.
- Audit rights or attestation-equivalent rights.
- Sub-processor flow-down (vendor must impose equivalent terms on its own sub-processors).
5. AI Provider Routing
AI providers are Tier 1 by default because they receive customer prompts. Contractual minimums for AI providers add: (a) zero-data-retention or short-retention for prompt logs; (b) no training on Customer Content; (c) workspace-level account or project isolation; (d) named-region routing where Enterprise customers require it; (e) ability to revoke or disable specific models within 24 hours. The HookPilot routing layer maintains an allowlist of approved providers and refuses to route Customer Content to anything else.
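As an added illustration (not HookPilot's own routing code), the check below encodes the provider minimums from this section as data and refuses any request that is not covered by the allowlist. Provider names, regions, model ids and the 72-hour "short-retention" ceiling are constructed assumptions for the example; the 24-hour model-revocation window is the figure stated above.

```python
"""Allowlist gate for AI provider routing (added example, not HookPilot code)."""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class ApprovedProvider:
    name: str
    regions: set[str]                 # regions the provider can pin requests to
    max_retention_hours: int          # contractual prompt-log retention cap
    trains_on_customer_content: bool  # must be False to stay on the allowlist
    isolated_project: bool            # workspace/project-level isolation in place
    disabled_models: set[str] = field(default_factory=set)


class RoutingRefused(Exception):
    """Raised when Customer Content would leave the approved provider set."""


RETENTION_CAP_HOURS = 72             # assumed ceiling for "short-retention"
REVOCATION_WINDOW = timedelta(hours=24)  # section 5(e): disable within 24 hours

# Constructed allowlist with hypothetical providers; not real contract data.
ALLOWLIST: dict[str, ApprovedProvider] = {
    "prov-a": ApprovedProvider("prov-a", {"eu-west", "us-east"}, 0, False, True),
    "prov-b": ApprovedProvider("prov-b", {"us-east"}, 24, False, True),
}


def provider_is_compliant(p: ApprovedProvider) -> bool:
    """Minimums (a), (b) and (c): retention cap, no training, isolation."""
    return (not p.trains_on_customer_content
            and p.isolated_project
            and p.max_retention_hours <= RETENTION_CAP_HOURS)


def route(provider: str, model: str, required_region: str | None = None) -> dict:
    """Return the routing decision or raise RoutingRefused; never fall back
    to an unlisted provider."""
    p = ALLOWLIST.get(provider)
    if p is None:
        raise RoutingRefused(f"{provider!r} is not an approved sub-processor")
    if not provider_is_compliant(p):
        raise RoutingRefused(f"{provider!r} no longer meets contractual minimums")
    if model in p.disabled_models:
        raise RoutingRefused(f"model {model!r} is disabled at {provider!r}")
    if required_region is not None and required_region not in p.regions:
        # Minimum (d): Enterprise region pin cannot be satisfied here.
        raise RoutingRefused(f"{provider!r} cannot pin to {required_region!r}")
    region = required_region or sorted(p.regions)[0]
    return {"provider": p.name, "model": model, "region": region}


def disable_model(provider: str, model: str, now: datetime | None = None) -> datetime:
    """Stop routing to a model immediately and return the deadline by which
    the vendor-side disable must be confirmed (minimum (e))."""
    now = now or datetime.now(timezone.utc)
    ALLOWLIST[provider].disabled_models.add(model)
    return now + REVOCATION_WINDOW


def refuses(provider: str, model: str, required_region: str | None = None) -> bool:
    """True when route() refuses the request; used for checks below."""
    try:
        route(provider, model, required_region)
    except RoutingRefused:
        return True
    return False


if __name__ == "__main__":
    print(route("prov-a", "m1", required_region="eu-west"))
    print(refuses("prov-b", "m1", required_region="eu-west"))
```

Two points worth noting: the gate refuses rather than falling back, so a deleted or expired allowlist entry fails closed, and a local disable takes effect on the next request while the 24-hour clock tracks the vendor's side of the revocation.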
6. Continuous Monitoring
- Annual re-review of all Tier 1 and Tier 2 vendors.
- Subscription to vendor security advisories and breach feeds.
- Quarterly access review — does the vendor still need the access we gave it?
- Spot checks for license terms, data residency claims, and DPA addenda.
- Documented exception process for short-term Tier 1 access (≤30 days).
7. Off-Boarding
When a vendor is replaced or retired, HookPilot revokes credentials, requests confirmation of data deletion in writing, removes the vendor from the sub-processor list, and updates the manifest in /legal/manifest.json.
8. Customer Notifications
Enterprise customers receive at least 30 days' notice of any new or replacement sub-processor that processes their Customer Content, along with the right to object. For the public sub-processor list and the standing change-feed, see Privacy Policy §8.
9. Contact
Vendor risk inquiries (including security questionnaires you would like us to complete): security@hookpilot.co.