Security

Your data security is our top priority
At Hectares.ai, we understand that the security of your project data and financial models is paramount. We employ industry-leading security practices and technologies to ensure your information remains protected at all times.
Security Overview

Encryption in Transit and at Rest
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. (This is transport and storage encryption operated by Hectares.ai, not end-to-end encryption: the platform must be able to read your data to run your models.)

Access Control
Role-based access control (RBAC) and multi-factor authentication (MFA) protect your account.

Infrastructure Security
Hosted on AWS, in data centers covered by AWS's SOC 2 reports, with redundant backups.

Team Security
All employees undergo background checks and security training.
Data Encryption

Encryption in Transit
- All API endpoints use HTTPS with TLS 1.2 or higher
- Certificate pinning for mobile applications
- Perfect Forward Secrecy (PFS) enabled
- HSTS (HTTP Strict Transport Security) enforced

Encryption at Rest
- Database encryption using AES-256
- Encrypted file storage for documents and exports
- Encryption keys managed by AWS KMS
- Regular key rotation procedures

Access Control & Authentication

User Authentication
- Secure password requirements (minimum 8 characters, complexity rules)
- Optional two-factor authentication (2FA) via authenticator apps
- Single Sign-On (SSO) support for enterprise customers
- Session timeout and automatic logout
- Account lockout after failed login attempts

Access Management
- Role-based access control (Admin, Member, Viewer)
- Project-level permissions and sharing controls
- Audit logs of all access and modifications
- API key management with scope limitations

Infrastructure & Operations

Cloud Infrastructure
- Hosted on Amazon Web Services (AWS)
- Multi-region deployment for redundancy
- Auto-scaling to handle traffic spikes
- DDoS protection via AWS Shield
- Web Application Firewall (WAF) protection

Operational Security
- 24/7 system monitoring and alerting
- Automated security scanning and vulnerability assessment
- Regular penetration testing by third parties
- Incident response team and procedures
- Disaster recovery and business continuity planning

Data Protection & Privacy

Data Handling
- Data isolation between customer accounts
- Regular automated backups (daily)
- Point-in-time recovery capabilities
- Data retention policies aligned with legal requirements
- Secure data deletion procedures

Privacy Controls
- GDPR and CCPA compliant
- Data processing agreements available
- User data export capabilities
- Right to erasure (delete account and data)
- No selling or sharing of user data

Compliance & Certifications

We maintain compliance with:
- SOC 2 Type II - In progress (audit not yet complete; no report is available yet)
- ISO 27001 - Planned for 2025
- GDPR - General Data Protection Regulation
- CCPA - California Consumer Privacy Act
- PCI DSS - Through our payment processor (Stripe)

Security Best Practices for Users

Help us keep your account secure by following these best practices:
- Use a strong, unique password for your Hectares.ai account
- Enable two-factor authentication (2FA)
- Regularly review account access and project sharing
- Keep your browser and devices updated
- Be cautious of phishing attempts: we will never ask for your password via email
- Use secure networks when accessing sensitive project data
- Log out when using shared computers

Security Incident Response

In the unlikely event of a security incident:
- We will immediately investigate and contain the incident
- Affected users will be notified within 72 hours
- We will provide clear information about the impact and our response
- A detailed post-incident report will be made available
- We will implement measures to prevent similar incidents

Responsible Disclosure

We appreciate the security research community's efforts in helping us maintain the security of our platform. If you discover a vulnerability:
Report Security Issues
- Email: security@hectares.ai
- PGP key: available upon request
- Please include a description, steps to reproduce, and the potential impact
- We aim to respond within 48 hours
- We offer a bug bounty program for qualifying vulnerabilities
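The Encryption in Transit section above makes three externally observable claims: TLS 1.2 or higher, forward secrecy, and HSTS. The script below is an added example of how a customer or researcher can check them from the outside; it is not Hectares.ai code. evaluate() is a pure function that runs offline on captured values (the negotiated protocol, the cipher suite name as OpenSSL reports it, and the response headers), and probe() does a live HEAD request. The default host name api.hectares.ai in the __main__ block is an assumption; the at-rest encryption and certificate-pinning claims are not visible from the network and are not checked here.

```python
"""Check a host's TLS and HSTS posture against the transport claims above.

Added example (not Hectares.ai code). Checks: TLS 1.2 or higher, forward
secrecy, and a Strict-Transport-Security header with a max-age of at least
one year and includeSubDomains. The host name in __main__ is an assumption.
"""
import http.client
import ssl

MIN_HSTS_MAX_AGE = 31536000  # one year; the usual bar for a meaningful policy


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797).

    Returns a dict with 'max-age' (int or None), 'includesubdomains' and
    'preload' (bools). Directive names are case-insensitive.
    """
    policy = {"max-age": None, "includesubdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if arg.isdigit():
                policy["max-age"] = int(arg)
        elif name in ("includesubdomains", "preload"):
            policy[name] = True
    return policy


def has_forward_secrecy(protocol, cipher_name):
    """True if the negotiated suite uses an ephemeral key exchange.

    Every TLS 1.3 suite is ephemeral; for TLS 1.2 the OpenSSL cipher name
    starts with ECDHE- or DHE- when it is.
    """
    if protocol == "TLSv1.3":
        return True
    return cipher_name.startswith(("ECDHE-", "DHE-"))


def evaluate(protocol, cipher_name, headers):
    """Return a list of findings; an empty list means all three claims hold.

    protocol and cipher_name are as returned by SSLSocket.version() and
    SSLSocket.cipher()[0]; headers maps lower-cased header names to values.
    """
    findings = []
    if protocol not in ("TLSv1.2", "TLSv1.3"):
        findings.append("negotiated %s, below the TLS 1.2 minimum" % protocol)
    if not has_forward_secrecy(protocol, cipher_name):
        findings.append("cipher suite %s has no forward secrecy" % cipher_name)
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("no Strict-Transport-Security header")
    else:
        policy = parse_hsts(hsts)
        if policy["max-age"] is None:
            findings.append("HSTS header has no valid max-age")
        elif policy["max-age"] < MIN_HSTS_MAX_AGE:
            findings.append("HSTS max-age %d is under one year" % policy["max-age"])
        if not policy["includesubdomains"]:
            findings.append("HSTS lacks includeSubDomains")
    return findings


def probe(host, port=443, path="/"):
    """Live check: refuse anything below TLS 1.2 at the socket level, then
    read the negotiated parameters and the response headers."""
    ctx = ssl.create_default_context()  # verifies the chain and host name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    conn.request("HEAD", path)
    # Read the socket parameters before getresponse(), which may close the
    # connection if the server answers with Connection: close.
    protocol = conn.sock.version()
    cipher_name = conn.sock.cipher()[0]
    resp = conn.getresponse()
    headers = {k.lower(): v for k, v in resp.getheaders()}
    conn.close()
    return protocol, cipher_name, headers


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "api.hectares.ai"  # assumed name
    proto, suite, hdrs = probe(target)
    print("%s: %s %s" % (target, proto, suite))
    for finding in evaluate(proto, suite, hdrs) or ["all transport claims hold"]:
        print(" -", finding)
```

Because the client context already refuses anything below TLS 1.2, a live probe() can only report the forward-secrecy and HSTS findings; the protocol check in evaluate() is there for values captured by other tools. A single vantage point also says nothing about other endpoints or about TLS 1.0/1.1 being offered to older clients, so pair this with a full cipher enumeration (for example sslscan or testssl.sh) before treating the claim as verified.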