HiddenLayer, a Gartner recognized AI Application Security company, is a provider of security solutions for machine learning algorithms, models & the data that power them. With a first-of-its-kind, non-invasive software approach to observing & securing ML, HiddenLayer is helping to protect the world’s most valuable technologies.
HiddenLayer is committed to safeguarding our customers’ data and ensuring the utmost confidentiality through our operational practices. We constantly strive to exceed industry standards and employ best practices that prioritize the protection of sensitive information through our data, systems and confidentiality processes.
DATA SECURITY
- Data at Rest: All data stores containing customer data, along with S3 buckets, are encrypted at rest. This advanced encryption ensures that your data is shielded before it enters our databases. This means that neither physical access nor logical access to the database can compromise the confidentiality of your most sensitive information.
- Data in Transit: We utilize TLS 1.2 or higher across all data transmitted over potentially insecure networks. Additionally, we employ Virtual Private Networks (VPNs) to maximize the security of our data in transit. Server TLS keys and certificates, managed by AWS, are deployed through Application Load Balancers, ensuring robust protection.
- Secret Management: Our encryption keys are managed using the AWS Key Management System (KMS), stored within Hardware Security Modules (HSMs). This approach prevents any direct access by any individuals, including Amazon and Vanta employees. The keys stored in HSMs are used for encryption and decryption via Amazon’s KMS APIs. Application secrets are securely encrypted and stored via AWS Secrets Manager and Parameter Store, and access to these values is strictly limited.
SYSTEM SECURITY
- User Authorization: Our system is designed with features and configurations that control user access, limiting access to only the information necessary for each employee’s role.
- Intrusion Detection: To protect against security attacks originating outside of the boundaries of our system, we deploy intrusion detection systems that actively prevent and identify potential threats.
- Vulnerability Scans and Penetration Tests: We conduct regular vulnerability scans over the system and network, and penetration tests over the production environment.
- Incident Management: Regular vulnerability scans over the system and network, and penetration tests over the production environment.
- Encryption Technologies: Encryption technologies are employed both at rest and in transit to protect customer data.
- Use of Data Retention and Data Disposal
- Uptime Availability of Production Systems
CONFIDENTIALITY
- Encryption Technologies: Utilization of encryption technologies to protect system data both at rest and in transit.
- Confidentiality Agreements: Our employees, contractors, and third parties are bound by confidentiality and non-disclosure agreements.
- Confidential Information: Only used for the purposes explicitly stated in agreements between HiddenLayer and user entities.
- Availability Commitments include, but are not limited to:
  - System performance and availability monitoring mechanisms to help ensure the consistent delivery of the system and its components.
  - Responding to customer requests in a reasonably timely manner.
  - Business continuity and disaster recovery plans that include detailed instructions, recovery point objectives (RPOs), recovery time objectives (RTOs), roles, and responsibilities.
  - Operational procedures supporting the achievement of availability commitments to user entities.