HomeTrust & Security

Security is not a feature.
It's the foundation.

We protect your data with defense-in-depth security, industry-leading compliance certifications, and full transparency.

Compliance & certifications

Independently audited and verified by leading standards bodies.

SOC 2 Type II

AICPA

Certified

ISO 27001

ISO

Certified

ISO 27017

ISO

Certified

ISO 27018

ISO

Certified

GDPR

EU

Compliant

HIPAA

HHS

Compliant

PCI DSS L1

PCI SSC

Certified

FedRAMP Moderate

GSA

Authorized

Security practices

Multiple layers of protection at every level of the stack.

Encryption at rest & in transit

All data encrypted with AES-256 at rest and TLS 1.3 in transit. Customer-managed keys (BYOK) supported.

Key Management (KMS)

Hardware-backed HSMs for cryptographic key generation, storage, and rotation.

Network isolation

Private VPCs with configurable firewall rules, micro-segmentation, and zero-trust architecture.

Identity & Access (IAM)

Fine-grained RBAC, SAML/OIDC federation, MFA enforcement, and session management.

Audit logging

Immutable audit logs for all API actions, admin operations, and data access events.

Physical security

Biometric access, 24/7 surveillance, redundant power, and ISO 27001-certified facilities.

Defense-in-depth architecture

PHYSICAL SECURITYNETWORK SECURITYIDENTITY & ACCESSYOUR DATAAES-256Biometric24/7 CCTVRedundantPower & CoolingDDoS ProtectionWAFMicro-segmentationTLS 1.3RBACMFA

Data residency

Choose where your data lives. We never move it without your consent.

United States

US-East (Virginia), US-West (Oregon)

European Union

EU-West (Amsterdam), EU-Central (Frankfurt)

Asia Pacific

AP-Southeast (Singapore), AP-Northeast (Tokyo)

Middle East

ME-South (Bahrain)

South America

SA-East (São Paulo)

Report a vulnerability

We take security seriously. If you discover a vulnerability, please report it through our responsible disclosure program.

Bug Bounty Program [email protected]