HomecareHQ is an orchestrator, not your system of record. Your connected systems stay
the source of truth for their data — HomecareHQ reads a working copy to answer your questions
and build dashboards, isolated to your organization. You control which data areas are turned
on, and most connections are read-only for chat and dashboards today.
Where your credentials live
Vaulted, never stored by us
Credentials for connected systems are encrypted and held by our credential vault partner
(Nango). HomecareHQ’s own systems never see or store them.
Least privilege
We ask only for the access needed for the features you use — and several systems are
read-only.
What we read and store
- A working copy. We sync the data areas you enable into a working copy so AskHQ can answer quickly. It’s isolated to your organization.
- Only enabled areas. Sensitive areas (like PrismHR payroll and benefits) stay off until you opt in. Turning an area off means we simply don’t fetch it.
- Documents = references only. For HR document features, we read the list of documents — references and metadata — never the file contents.
Isolation between organizations
Every piece of your data is scoped to your organization and protected by row-level security, so one agency’s data is never visible to another. AskHQ also respects each user’s role — people only see what they’re permitted to.Controls you hold
Choose data areas
Enable or disable sensitive data areas per connection in Admin Settings → Integrations.
Disconnect anytime
Disconnecting a system immediately stops further access.
Role-based access
Owners and admins manage connections; what each user sees is governed by their role.
Audited activity
Data queries are recorded, so there’s a trail of what was accessed.

