TRUST POSTURE

Trust posture

How Hael protects customer data, methodology integrity, and audit-chain provenance.

Data residency

EU data residency available on enterprise plans. Tenant infrastructure pinned to a single region for the lifetime of the contract; cross-region replication only with written consent.

Default regioneu-west-2 · London

EU residency optioneu-central-1 · Frankfurt

DatabasePostgres · Supabase managed

Encryption

Data is encrypted in transit and at rest with industry-standard primitives. Key custody is managed by the cloud KMS; envelope encryption for tenant secrets.

In transitTLS 1.3

At restAES-256-GCM

Key managementAWS KMS · per-tenant DEK

Authentication

Workforce SSO via SAML 2.0 and OIDC. MFA enforceable per tenant. Role-based access control with separation of duties between governance authors, approvers, and read-only auditors.

SSOSAML 2.0 · OIDC

MFATOTP · WebAuthn

RBACAuthor · Approver · Auditor · Admin

Audit chain integrity

Every governance event is hash-chained. Each entry stamps the actor, action, payload digest, and the previous entry's digest, producing a tamper-evident chain that is locally verifiable by any auditor.

Hash functionSHA-256

Chain primitiveprev_hash → entry_hash

MethodologyVersioned · pinned per artefact

Sub-processors

The current sub-processor list is published and versioned. Material changes carry a 30-day notice window before they take effect.

View sub-processor list →

Vulnerability disclosure

Coordinated disclosure programme with safe-harbour terms for good-faith research. Triage SLA: 24h acknowledgement, 72h initial assessment.

Security programme →

Status page

Real-time platform availability, scheduled maintenance windows, and historical incident reports.

status.hael.ai

SECURITY REVIEW

Request a security review pack.

SOC 2 Type II evidence, penetration test summary, DPIA template, and customer security questionnaire — sent under NDA.

Request security pack