> ## Documentation Index
> Fetch the complete documentation index at: https://docs.homecarehq.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Trust & your data

> What HomecareHQ reads, stores, and protects — and the controls you hold.

HomecareHQ is built to be careful with your data. This page explains how connected data is
handled and the controls you have.

<Info>
  **HomecareHQ is an orchestrator, not your system of record.** Your connected systems stay
  the source of truth for their data — HomecareHQ reads a working copy to answer your questions
  and build dashboards, isolated to your organization. You control which data areas are turned
  on, and most connections are **read-only** for chat and dashboards today.
</Info>

## Where your credentials live

<CardGroup cols={2}>
  <Card title="Vaulted, never stored by us" icon="vault">
    Credentials for connected systems are encrypted and held by our credential vault partner
    (Nango). HomecareHQ's own systems never see or store them.
  </Card>

  <Card title="Least privilege" icon="key">
    We ask only for the access needed for the features you use — and several systems are
    read-only.
  </Card>
</CardGroup>

## What we read and store

* **A working copy.** We sync the data areas you enable into a working copy so AskHQ can answer
  quickly. It's isolated to your organization.
* **Only enabled areas.** Sensitive areas (like PrismHR payroll and benefits) stay **off** until
  you opt in. Turning an area off means we simply don't fetch it.
* **Documents = references only.** For HR document features, we read the *list* of documents —
  references and metadata — **never the file contents**.

## Isolation between organizations

Every piece of your data is scoped to your organization and protected by row-level security, so
one agency's data is never visible to another. AskHQ also respects each user's role — people only
see what they're permitted to.

## Controls you hold

<CardGroup cols={2}>
  <Card title="Choose data areas" icon="sliders">
    Enable or disable sensitive data areas per connection in **Admin Settings → Integrations**.
  </Card>

  <Card title="Disconnect anytime" icon="plug-circle-xmark">
    Disconnecting a system immediately stops further access.
  </Card>

  <Card title="Role-based access" icon="users-gear">
    Owners and admins manage connections; what each user sees is governed by their role.
  </Card>

  <Card title="Audited activity" icon="clipboard-list">
    Data queries are recorded, so there's a trail of what was accessed.
  </Card>
</CardGroup>
