Trust & Safety

Security

Security is built into every layer of HUMAINA™ — not bolted on afterwards.

  • Encryption: AES-256 + TLS 1.2+
  • Compliance: SOC 2 Type II
  • Uptime SLA: 99.9%
  • Patch SLA: 72 hrs critical

Infrastructure Security

  • HUMAINA™ runs on SOC 2 Type II-certified cloud infrastructure with redundant availability zones.
  • All production systems are isolated in private virtual networks with strict ingress/egress controls.
  • Automated vulnerability scanning runs continuously across all production services.
  • Dependency updates and security patches are applied within 72 hours of disclosure for critical vulnerabilities.

Data Encryption

  • All data in transit is encrypted using TLS 1.2 or higher. TLS 1.0 and 1.1 are disabled.
  • Data at rest is encrypted using AES-256 on all storage systems including databases, object storage, and backups.
  • Encryption keys are managed via a dedicated Key Management Service (KMS) with automatic annual rotation.
  • Enterprise customers may bring their own encryption keys (BYOK) for an additional layer of control.

Access Controls

  • Role-based access control (RBAC) is enforced across all internal systems — employees access only what they need.
  • Multi-factor authentication (MFA) is mandatory for all internal staff and strongly recommended for all customer accounts.
  • Privileged access to production infrastructure requires just-in-time (JIT) approval with full audit logging.
  • All access is reviewed quarterly; terminated employees are deprovisioned within one hour of offboarding.

Compliance & Certifications

  • SOC 2 Type II — annual audit covering Security, Availability, and Confidentiality trust service criteria.
  • GDPR-aligned data processing with Data Processing Agreements (DPAs) available for all customers.
  • HIPAA-aligned data handling for healthcare customers, including Business Associate Agreements (BAAs).
  • ISO 27001 certification in progress — target completion Q4 2026.

Incident Response

  • We maintain a documented incident response plan tested via tabletop exercises twice a year.
  • Security incidents are triaged within 1 hour of detection. Critical incidents are escalated to leadership immediately.
  • Affected customers are notified within 72 hours of a confirmed breach, in accordance with GDPR Article 33.
  • Post-incident reports are shared with enterprise customers upon request after remediation is complete.

Responsible Disclosure

  • We welcome reports from security researchers. If you discover a potential vulnerability, please report it responsibly.
  • Email security@humaina.ai with a clear description of the issue, reproduction steps, and potential impact.
  • We commit to acknowledging your report within 48 hours and providing status updates every 5 business days.
  • We do not pursue legal action against researchers who act in good faith under this policy.

Report a vulnerability: security@humaina.ai