Security & Trust Center
Your data is protected by design. We combine strong encryption, least-privilege access, continuous monitoring, and clear processes so you can trust Halytic with your accessibility program.
- Encryption: TLS 1.2+ in transit, AES-256 at rest
- Access control: Least privilege, SSO-ready
- Data location: AWS, regionalized storage
Data protection
Encryption
Data in transit uses HTTPS with modern TLS. Data at rest is encrypted with AES-256. Secrets are stored in a managed secrets service.
Segregation & tenancy
Logical separation per customer account. Access to customer artifacts is scoped to your org.
Backups & recovery
Automated backups with tested restore procedures. RPO and RTO targets documented internally.
Application security
Secure development lifecycle
Peer review, dependency scanning, and CI checks for OWASP Top 10 risks. Accessibility codemods are gated by circuit breakers and verification.
Authentication & RBAC
JWT-based auth today. SSO (SAML/OIDC) and fine-grained roles on the enterprise roadmap.
Verification sandboxing
Playwright verification is network-restricted and SSRF-guarded. Content fetching honors allowlists.
Infrastructure security
Cloud provider
Hosted on AWS with hardened managed services. Network security groups, audit logging, and least-privilege IAM.
Monitoring & alerting
App metrics, structured logs, and alerting for error rates, latency, and job queues.
Change management
GitHub Actions to Vercel/Render with approvals. Rollbacks and artifact retention enforced.
Compliance & privacy
Privacy
See our Privacy Policy and Terms of Service. GDPR-aligned data subject rights supported.
Standards mapping
Reports map to WCAG 2.2 AA, Section 508, and EN 301 549. We are preparing for SOC 2.
Subprocessors
We work with vetted subprocessors for hosting and email. See the subprocessors list.
Vulnerability disclosure
We appreciate responsible disclosures. Email security@halytic.ai with details and a way to reproduce. Do not access or modify data that is not yours, and avoid tests that degrade service. We will acknowledge receipt within two business days.
Incident response
Detection & triage
24/7 alerting on key indicators. Severity classification and on-call rotation.
Containment & remediation
Isolation, patching, key rotation, and communication protocols.
Customer notice
We notify impacted customers without undue delay and provide post-incident reports.
Data retention & deletion
We retain artifacts only as long as needed to provide the service or as required by law. You can request deletion of your account data; we will confirm once complete.
Questions about security or privacy? Our team responds quickly and transparently.