Security Policy
Last updated: March 30, 2025
Our Commitment to Security
At Harblot, security is not just a feature—it's a foundational principle. We understand that our clients trust us with their most valuable asset: data. We take this responsibility seriously and have implemented comprehensive security measures to protect your information.
This Security Policy outlines our approach to safeguarding your data and maintaining the integrity of our systems. We employ industry-leading practices and technologies to ensure that your information remains secure, private, and available when you need it.
Zero-Trust Architecture
We implement a zero-trust security model that requires strict verification for anyone trying to access resources in our network, regardless of position or location. Every access request is fully authenticated, authorized, and encrypted before access is granted.
End-to-End Encryption
All data is encrypted both in transit and at rest using industry-standard encryption protocols. This ensures that your information remains protected at all times, whether it's being transferred or stored in our systems.
Continuous Monitoring
Our security operations center provides 24/7 monitoring of all systems and networks. Advanced threat detection tools identify and respond to potential security incidents in real time, minimizing risk exposure.
Secure Infrastructure
Our infrastructure is built on secure cloud platforms with multiple layers of security controls. We implement defense-in-depth strategies that provide redundant security measures to protect against various attack vectors.
Compliance & Certifications
Harblot maintains compliance with industry standards and regulations to ensure the highest level of security for our clients.
SOC 2 Type II
We undergo regular SOC 2 Type II audits to verify our security, availability, and confidentiality controls.
ISO 27001
Our information security management system is certified to ISO 27001 standards.
GDPR Compliance
We adhere to GDPR requirements for processing and protecting personal data.
HIPAA Compliance
For healthcare clients, we maintain HIPAA compliance for handling protected health information.
Security Practices
Access Control
We implement strict access controls based on the principle of least privilege. This means that employees are only granted access to the specific data and systems they need to perform their job functions.
- Multi-factor authentication is required for all access to systems containing client data
- Regular access reviews ensure that permissions remain appropriate
- Automated provisioning and de-provisioning processes handle employee onboarding and offboarding
Data Protection
We employ multiple layers of data protection to safeguard your information:
- Data classification to ensure appropriate handling of sensitive information
- Data loss prevention tools to prevent unauthorized data exfiltration
- Regular data backup and disaster recovery testing
- Secure data deletion processes when information is no longer needed
Vulnerability Management
Our vulnerability management program includes:
- Regular security assessments and penetration testing by independent third parties
- Continuous vulnerability scanning of our infrastructure and applications
- Timely patching of identified vulnerabilities
- Secure development practices and code reviews
Incident Response
Preventive measures cannot rule out every security event, so we maintain a robust incident response plan to address any that occur quickly and effectively.
Detection
Advanced monitoring systems identify potential security incidents in real time.
Response
Our dedicated security team responds immediately to contain and mitigate any identified threats.
Communication
We provide timely notifications to affected clients in accordance with regulatory requirements.
Have Security Questions?
Our security team is available to address any questions or concerns about our security practices.
Contact us at: security@harblot.com