Security & Compliance at HAYANALYSIS

Transparency, security, and compliance are foundational to everything we build. Explore our certifications, architecture, and commitments.

Certifications & Compliance

🛡️

SOC 2 Type II

Compliant

Independently audited for security, availability, processing integrity, confidentiality, and privacy controls.

Request Report →
📜

ISO 27001

Aligned

Information security management system aligned with ISO 27001 international standards.

Learn More →
🇪🇺

GDPR

Compliant

Full compliance with the General Data Protection Regulation for EU data subjects.

Privacy Policy →
🇺🇸

CCPA

Compliant

California Consumer Privacy Act compliance for California residents.

Privacy Policy →
🏥

HIPAA

Self-Hosted Ready

Self-hosted deployment option enables HIPAA-compliant security operations for healthcare organizations.

Learn More →
🏛️

FedRAMP

In Progress

Working toward FedRAMP authorization for federal government deployments.

Contact Us →

Security Architecture

Our architecture is designed with security-first principles, giving you complete control over your data.

🔗

BYODb Architecture

Bring Your Own Database means your security data never leaves your infrastructure.

  • Query your databases in real-time
  • Process in memory — no data stored
  • Support for 20+ database types
  • Zero data replication required
🏠

Tenant Separation

Complete isolation between customers in our multi-tenant SaaS environment.

  • Cryptographic isolation per tenant
  • Dedicated encryption keys via KMS
  • Network-level access controls
  • Isolated processing environments
🤖

Bring Your Own LLM

Control your AI processing with your own models.

  • Azure OpenAI, AWS Bedrock, OpenAI API
  • Self-hosted models (Ollama, vLLM)
  • Prompts never touch our infrastructure
  • No training on your data — ever

Encryption

Industry-standard encryption for all data, everywhere.

  • TLS 1.3 for data in transit
  • AES-256 for data at rest
  • HSM-backed key management
  • Per-tenant encryption keys

Deployment Security

☁️ SaaS Deployment

Fully managed with enterprise-grade security

Infrastructure: AWS / Azure (SOC 2, ISO 27001)
Tenant Isolation: Cryptographic + Logical
Data Residency: US, EU, APAC regions available
Encryption: TLS 1.3 + AES-256
Access Control: SSO, MFA, RBAC
Audit Logging: Complete + Exportable
Penetration Testing: Annual third-party
Uptime SLA: 99.9%

🏢 Self-Hosted Deployment

Complete control in your environment

Infrastructure: Your choice (any cloud / on-prem)
Tenant Isolation: Dedicated instance
Data Residency: 100% your control
Encryption: Your keys, your policies
Access Control: Your identity provider
Audit Logging: Your SIEM / logging
Air-Gapped: Fully supported
Source Code Review: Available for enterprise

Security Practices

🔒 Secure Development

  • OWASP guidelines
  • Mandatory code reviews
  • Automated SAST/DAST
  • Dependency scanning

🛡️ Infrastructure

  • Zero-trust architecture
  • Network segmentation
  • IDS/IPS monitoring
  • DDoS protection

👥 Access Control

  • Least privilege principle
  • MFA required
  • Regular access reviews
  • Automated deprovisioning

📊 Monitoring

  • 24/7 security monitoring
  • Real-time alerting
  • Incident response team
  • Regular threat hunting

Testing

  • Annual penetration tests
  • Continuous vuln scanning
  • Bug bounty program
  • Red team exercises

👨‍💼 Personnel

  • Background checks
  • Security training
  • Confidentiality agreements
  • Separation of duties

Security Documentation

Enterprise customers can request access to detailed security documentation:

📄 SOC 2 Type II Report
📄 Penetration Test Executive Summary
📄 Architecture & Data Flow Diagrams
📄 Security Questionnaire Responses (SIG, CAIQ)
📄 Data Processing Agreement (DPA)
📄 Vendor Risk Assessment Package
Request Documentation

Security Contact

Have a security question or need to report a vulnerability?

Security Inquiries

security@hayanalysis.com

Vulnerability Reports

security@hayanalysis.com (PGP key available upon request)

Response Time

We acknowledge all security reports within 24 hours