Trust & Security
We are a security company. Our platform monitors your clients’ most sensitive data. We take that responsibility seriously.
Guaranteed Read-Only
Hal never writes to your clients’ systems. No endpoint agents, no kernel drivers. All API tokens are read-only scoped — you control the permissions and can verify them yourself.
The July 2024 incident that crashed 8.5 million machines cannot happen here — there is nothing to push, nothing to break.
Complete Data Isolation
Every customer gets a dedicated server instance — not a shared multi-tenant cluster. No noisy-neighbor performance impact. No shared database, no cross-customer data access.
Choose your datacenter region. Your data stays in that region.
Credentials Never Touch a Public Site
Client credentials (M365 tenant IDs, GWS service account keys) are entered on your dedicated instance, behind authenticated access. They never pass through our marketing site or any shared infrastructure.
Encryption
In transit. All data is encrypted via TLS 1.3. Client log data flows over encrypted VPN tunnels or HTTPS. No log data traverses the public internet unencrypted.
At rest. All stored data resides on encrypted NVMe block storage.
Credentials. API keys and secrets are stored in environment files on your dedicated instance, never in shared databases or third-party credential stores.
Open Detection Rules
Pattern detection uses SigmaHQ — open-source, community-maintained, auditable. No proprietary black-box detection logic. Every rule update comes from the public SigmaHQ repository.
Digitally Signed Reports
PDF reports carry PAdES-B-T digital signatures with RFC 3161 timestamps. Cryptographic proof of when the report was generated and that it hasn’t been tampered with. Suitable for compliance evidence and legal proceedings.
Full Cost Transparency
Bring your own AI API keys — costs appear on your invoice, not ours. The self-service portal tracks every AI action: start time, end time, API call count, exact cost. No hidden fees, no markup on AI usage.
No Vendor Lock-In
- Open-source SIEM engine
- Standard detection rules (Sigma)
- Your data on your dedicated server
- Switch AI providers without platform changes
Business Continuity
- Automated daily backups to geographically separate storage
- Hourly health checks monitoring ingestion, storage, and platform components
- Automatic service recovery via container health checks
- Dynamic lookback in ingestion pipelines recovers missed data after outages
Compliance
SOC 2. We are pursuing SOC 2 Type I certification.
HIPAA. We offer a Business Associate Agreement (BAA) for customers with healthcare clients.
Vendor security questionnaires. We maintain current responses to standard questionnaires. Contact us for a copy.
Third-Party Dependencies
| Provider | Purpose | Compliance |
|---|---|---|
| Cloud hosting provider | Dedicated server and block storage | SOC 2 Type II |
| Cloudflare | TLS termination, DDoS protection | SOC 2 Type II, ISO 27001 |
| Tailscale | Encrypted VPN for log ingestion | SOC 2 Type II |
| AI provider (customer BYOK) | AI analysis | SOC 2 Type II |