Safety and responsible disclosure
HedgeFundAI is in invite-only private beta. Safety is built into how the product works, not bolted on afterward. This page explains the controls that protect your workspace, and how to report a security issue.
You approve every external action. The assistant advises; it never decides or acts on its own. Your business data is never shared with another business.
How we keep your workspace safe
- You approve external actions. HedgeFundAI does not send emails, publish content, move money, or take any other action outside your workspace automatically. External actions happen only after you give explicit approval against a draft prepared for your review.
- Advisory only. The in-workspace assistant produces drafts, summaries, and suggestions. It does not make legal, medical, or financial decisions for you, and regulated categories are flagged during onboarding for review.
- Data isolation. One business’s private data is never visible to another. The assistant only works within your own workspace and cannot reach other businesses or internal HedgeFundAI systems.
- Connectors are scoped. When you connect a tool, the access is scoped to what that connection needs, and connector secrets are cleared as soon as you revoke a connection.
- Off by default. Agents and workflows stay inactive until you approve them. Any future cross-business learning is off unless you turn it on.
- Personal onboarding. During private beta we set up each workspace with you, rather than through an automatic self-serve signup, so nothing is switched on before you expect it.
What we do not do
- We do not take autonomous action on your behalf.
- We do not make legal, medical, or financial decisions for you.
- We do not share your private business data with other businesses.
- We do not promise that your business will grow — we surface useful recommendations, and the decisions are yours.
Reporting a security issue
If you believe you have found a security vulnerability in HedgeFundAI, please email security@hedgefundai.co — a real, monitored mailbox. We ask that you:
- Give us a reasonable opportunity to investigate and address the issue before any public disclosure.
- Avoid accessing or modifying data that is not your own while investigating.
We aim to acknowledge security reports and work toward resolution within a 90-day disclosure timeline. This page is the disclosure policy referenced from our security.txt.