Trust & Compliance · Security posture

Trust Center: CMMC, FedRAMP, and Data Security.

How HomeSurvey.ai protects the data behind every AI survey.

Last updated: 22 June 2026

CMMC Level 1: MET Encryption in transit & at rest AWS · U.S. (us-east-1)
HELIXIQ, INC. · CAGE 21B33 CMMC LEVEL 1 · SELF-ASSESSMENT MET
01

CMMC Level 1: Federal Contract Information (FCI)

Self-assessment complete, MET on all controls, registered in SPRS.

Affirmed · 22 Jun 2026
02

CMMC Level 2 (CUI) & FedRAMP

Level 2 on AWS GovCloud, with FedRAMP authorization on the roadmap.

○ In process

Our commitment

HomeSurvey.ai is developed by HelixIQ, Inc. and is part of the Movegistics AI ecosystem. Our AI survey technology handles home inventory media for moves, including military moves, so protecting that data and meeting defense-community standards is foundational to the product. This page summarizes our security posture, our compliance status, and how the two evolve.

Corporate structure

Who operates what.

HelixIQ, Inc. is a Delaware corporation founded by the same principal as Netensity Corporation, which operates Movegistics AI. The two entities are bound by inter-company agreements governing IP licensing and operational coordination, and operate from separate AWS accounts, so each product's data is isolated at the infrastructure level.

Government reviewers and partners conducting diligence on the relationship can request the relevant documentation from the contact below.

Infrastructure & cloud

Built on AWS, in the United States.

AWS, U.S. region

HomeSurvey.ai runs on Amazon Web Services in the United States (us-east-1). AI processing for military moves is configured to run in U.S. regions, with no offshore handling of military-move data.

Separate AWS account

HomeSurvey.ai operates in its own AWS account, isolated from Movegistics. Product data does not commingle across the two environments.

Lean footprint by design

The platform is built with a deliberately minimal data footprint, which keeps the surface that has to be secured and audited small and well-understood.

Encryption & data handling

Encrypted in transit and at rest.

Encryption

Survey data is encrypted with TLS 1.3 in transit and AES-256 at rest, across our managed AWS data stores. Both are in place today.

U.S. data residency

Survey data for military moves is stored in the United States.

Data minimization

Survey media is retained only as long as operationally needed, with a short target purge window for military shipments. Retention is configurable per program.

CUI handling

When a shipment is designated as a military or GSA move, it is flagged at intake so CUI-relevant data is handled with the appropriate controls. This supports proper handling and the path to Level 2.

Compliance · CMMC & FedRAMP

Affirmed MET, and registered in SPRS.

SPRS Assessment Record Registered
Entity
HelixIQ, Inc.
CAGE Code
21B33
Assessment type
Final Level 1 Self-Assessment
Status
MET, affirmed by the senior official
Scope
Enterprise
CMMC UID
S100064261
Affirmed
22 June 2026
Expires
22 June 2027 · annual re-affirmation
Registered in the DoD Supplier Performance Risk System (SPRS) through PIEE.

HelixIQ, Inc. has completed the CMMC Level 1 self-assessment and affirmed MET status for every security requirement in FAR clause 52.204-21(b)(1). This supports the moving companies and Transportation Service Providers who use HomeSurvey.ai under the 2026 DP3 Household Goods Tender of Service, where CMMC Level 1 affirmation is required to handle Federal Contract Information (FCI).

Today HomeSurvey.ai, operated by HelixIQ, Inc., is CMMC Level 1 affirmed, covering Federal Contract Information (FCI). Our next stage is CMMC Level 2, the level that governs Controlled Unclassified Information (CUI): for CUI workloads we are moving to AWS GovCloud, a FedRAMP-authorized environment that provides the controlled foundation Level 2 requires. Application-level FedRAMP authorization builds on that GovCloud foundation and is pursued in step with our Level 2 work.

What Level 1 covers, and what it doesn't.

Covered today: Level 1

Federal Contract Information (FCI)

Basic safeguarding of FCI under FAR 52.204-21(b)(1). Affirmed MET, registered in SPRS, and re-affirmed annually.

Separate track: Level 2 & FedRAMP

Controlled Unclassified Information (CUI)

CUI falls under CMMC Level 2, a separate certification, on a FedRAMP-authorized GovCloud environment. We don't present Level 1 as authorization to handle CUI.

If you run military / DP3 moves

The CMMC Level 1 requirement is in effect. We've already met it.

Under the 2026 DP3 Household Goods Tender of Service, CMMC Level 1 affirmation is required to handle Federal Contract Information. When you use HomeSurvey.ai, the survey platform in your workflow has already affirmed MET and registered in SPRS, one less item on your own assessment.

FAR 52.204-21(b)(1) DP3 HHG ToS · A.2(c) SPRS · PIEE registered CAGE 21B33

Sub-processors

Who touches the data, and who doesn't.

We keep our sub-processor footprint small, and we separate the vendors that receive customer survey data from operational tooling that does not. We provide advance notice of material changes to subscribers under contract.

Data sub-processors

Receive survey data

  • Amazon Web Services (AWS), infrastructure, U.S. (us-east-1)
Operational tooling

Does not receive survey data

  • Google Analytics
  • Vercel
  • reCAPTCHA

Incident response

A clear path if something goes wrong.

HomeSurvey.ai maintains a documented incident response plan. In the event of a security incident affecting customer data, we move through containment, root cause analysis, customer notification, and remediation. Customers are notified without undue delay of any incident that materially impacts their data, with timeline commitments aligned to applicable contractual and regulatory requirements. Customers can report a suspected security issue at any time to security@homesurvey.ai.

Privacy

Privacy built into the survey.

We process personal data in line with our Privacy Policy. Survey media is retained only as long as operationally needed, and we honor data-subject requests as described there. On the roadmap: privacy by design, with automated detection and redaction of incidental personal information captured during a survey. Privacy questions and data requests can be sent to privacy@homesurvey.ai.

A note on shared responsibility

Our CMMC Level 1 affirmation reflects HelixIQ's assessment of the systems within our scope. It does not, by itself, make a customer compliant. CMMC Level 1 also covers how software is configured and used, so each company should conduct its own self-assessment to determine its own status.

Resources

Official references, straight to the source.

Contact

Need documentation for your vendor file?

Questions about our security or compliance posture, our corporate structure, or need records for your files? We respond promptly.

security@homesurvey.ai