Security

How we keep your data safe.

Concrete controls, not marketing copy. TLS 1.3, bcrypt, tenant-scoped queries, HMAC webhook signing, and an incident-response playbook that actually runs.

Last Updated: April 20, 2026
Jurisdiction: India

§ 01

Security at a glance

Humane AI is a behavioral intelligence layer used by healthcare, fintech, and agent platforms. Security isn't a bolt-on — it's designed into the boundary between your app, our engines, and downstream LLM providers. The summary:

  • TLS 1.3 everywhere, HSTS preloaded, auto-renewed Let's Encrypt certificates via Caddy.
  • Bcrypt password hashing (cost factor 12), HttpOnly + Secure session cookies.
  • Tenant-scoped queries — every model has user_id or tenant_id; cross-tenant access is structurally impossible in the ORM layer.
  • HMAC-SHA256 webhook signatures with timestamp, Stripe-style (t=<ts>,v1=<hex>) — you verify us and we verify you.
  • SSRF guard (assert_public_url) blocks loopback, RFC1918, and cloud metadata targets on every user-supplied URL.
  • Audit logs for admin actions (AdminAuditEvent), retained 2 years.
  • HIPAA BAA available on the Scale tier and all Enterprise contracts.
  • SOC 2 Type II engagement beginning Q3 2026.

§ 02

Infrastructure

The platform runs on Contabo Cloud VPS (Mumbai region), an EU-owned operator with its India POP in BSE Mumbai. Services run as Docker containers on a single-tenant host, orchestrated via Docker Compose and health-checked by systemd-managed restart policies.

  • Frontend (Next.js) and API (FastAPI + uvicorn) are isolated containers on a private network.
  • Postgres 16 runs in its own container, reachable only over the compose network.
  • Caddy terminates TLS, handles HTTP/3, and routes /api/* to the backend + /* to the frontend.
  • Off-host backups (encrypted, versioned) run nightly to a separate region.

Live platform status is always viewable at /status.

§ 03

Transport security

All public traffic is TLS 1.3. Legacy TLS (1.0 / 1.1 / 1.2) is disabled at the Caddy edge. HSTS is set to max-age=31536000; includeSubDomains; preload. HTTP is auto-redirected to HTTPS with HTTP/3 enabled for supporting clients.

Certificates are issued by Let's Encrypt and renewed 30 days before expiry. The status page probes the certificate's notAfter field and fires an alert if it drops below 14 days.

§ 04

Data at rest

The Postgres data directory lives on NVMe-backed block storage with at-rest encryption enabled at the hypervisor layer. Application-level encryption is used for specific fields:

  • Passwords → bcrypt (cost 12), never stored in plaintext.
  • OAuth provider refresh tokens → encrypted with Fernet before write; keys rotated annually.
  • API keys → stored hashed; the cleartext is displayed exactly once, at creation.
  • Webhook signing secrets → same pattern; rotate via dashboard.
  • Unsubscribe tokens → HMAC-signed, 30-day TTL.

Nightly encrypted backups go to a separate region. Recovery is tested quarterly; current RPO is ≤ 24h and RTO is ≤ 2h on the Scale plan.

§ 05

Authentication & session

Supported sign-in methods:

  • Email + password with bcrypt; rate-limited login with exponential backoff after repeated failures.
  • Google OAuth (Sign in with Google).
  • SAML SSO on the Enterprise tier (Okta, Azure AD, Google Workspace tested).

Sessions use HttpOnly, Secure, SameSite=Lax cookies with a 30-day sliding TTL. Cookies are scoped to the product subdomain via COOKIE_DOMAIN. Sign-out revokes the session server-side and clears the cookie client-side. Password changes invalidate all other sessions.

JWTs are signed with JWT_SECRET (48-byte random, rotated annually). Keys are stored only in environment variables on the host — never in the repo, never in image layers.

§ 06

Authorization & tenant isolation

Multi-tenancy is enforced at the ORM layer: every core model (Engine, EndUser, ConversationMessage, Experiment, …) has a user_id or tenant_id column. Every router reads the caller's user from the authenticated request and filters queries by that id. There is no “shared admin view” that spans tenants.

Team membership is modelled explicitly in the Team and TeamMember tables with per-member roles (owner, admin, member, viewer). Role changes are audit-logged.

§ 07

Webhook signing

Outbound webhooks are signed Stripe-style: each request carries a Humane-Signature: t=<unix_ts>,v1=<hex> header where the signature is HMAC-SHA256(secret, t + "." + body). Verify before acting. Tolerate at most 5 minutes of skew.

Webhook deliveries are retried on 5xx or network error with exponential backoff (1s, 4s, 16s, 64s, 256s) for up to 24 hours. Persistent failures fire a webhook_failing transactional email to the account owner and are visible on the dashboard's Webhook Monitor.
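The verification a receiver should perform on the header described above, written for this page as an added example (it is not Humane's SDK or server code). The secret, event body and timestamp are constructed; accepting more than one v1= value in the header is an assumption modelled on Stripe's rotation behaviour, since the page shows a single v1.

```python
import hashlib
import hmac
import time

SKEW_SECONDS = 5 * 60  # the page's tolerance: at most 5 minutes between t= and the receiver's clock

def sign_payload(secret: str, ts: int, body: bytes) -> str:
    """HMAC-SHA256(secret, t + "." + body), hex-encoded, exactly as the page specifies."""
    return hmac.new(secret.encode(), f"{ts}.".encode() + body, hashlib.sha256).hexdigest()

def build_signature_header(secret: str, body: bytes, ts: int) -> str:
    """Sender side: the Humane-Signature header value for one delivery."""
    return f"t={ts},v1={sign_payload(secret, ts, body)}"

def parse_signature_header(header: str) -> tuple[int, list[str]]:
    """Split 't=<unix_ts>,v1=<hex>' into (timestamp, [v1 signatures]). Several v1= values are
    accepted so deliveries keep verifying while a secret rotates (assumed, after Stripe; the
    page shows a single v1)."""
    ts, sigs = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t" and value.isdigit():
            ts = int(value)
        elif key == "v1" and value and all(c in "0123456789abcdef" for c in value):
            sigs.append(value)
    if ts is None or not sigs:
        raise ValueError("malformed Humane-Signature header")
    return ts, sigs

def verify_webhook(secret: str, header: str, body: bytes, now=None) -> bool:
    """Receiver side: True only if t= is within SKEW_SECONDS of now and some v1 matches.
    Verify over the raw request bytes before any JSON parsing, or the HMAC will not match."""
    now = int(time.time()) if now is None else now
    try:
        ts, sigs = parse_signature_header(header)
    except ValueError:
        return False
    if abs(now - ts) > SKEW_SECONDS:  # stale delivery or a replay of an old one
        return False
    expected = sign_payload(secret, ts, body)
    # compare_digest is constant-time, so a mismatch leaks nothing about the secret
    return any(hmac.compare_digest(expected, sig) for sig in sigs)

# Constructed sample delivery (not a real Humane event or secret).
SAMPLE_SECRET = "whsec_constructed_example_only"
SAMPLE_BODY = b'{"event":"engine.completed","id":"evt_constructed_001"}'
SAMPLE_TS = 1_776_600_000
SAMPLE_HEADER = build_signature_header(SAMPLE_SECRET, SAMPLE_BODY, SAMPLE_TS)
```

In a FastAPI handler, pass `await request.body()` as `body` and `request.headers["Humane-Signature"]` as `header`; return 400 on False and only then parse the JSON.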

§ 08

SSRF & network hardening

Every user-supplied URL passes through assert_public_url before any outbound fetch. It rejects:

  • Loopback (127.0.0.0/8, ::1).
  • RFC1918 private ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
  • Link-local (169.254.0.0/16).
  • Cloud metadata hosts (169.254.169.254, EC2 / GCP / Azure IMDS).
  • file://, gopher://, and other non-HTTP schemes.

Outbound HTTP uses httpx with strict timeouts (connect 5s, read 30s) and a 10 MB response-size cap. DNS is resolved with a pin against the same allow list to prevent rebinding attacks.
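A reference implementation of the guard described in this section, added here as an example and not Humane's own assert_public_url: it applies the scheme and address rules listed above, resolves hostnames through an injectable resolver so that every answer is checked, and returns the address the fetch must dial (the pin). It goes slightly beyond the page's list by also rejecting 0.0.0.0/8 and the IPv6 link-local and ULA ranges and by unwrapping IPv4-mapped IPv6 literals; CONSTRUCTED_DNS and the host names in it are constructed for offline use.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # file://, gopher:// and other non-HTTP schemes are refused
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128",                          # loopback
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC1918
    "169.254.0.0/16",                                  # link-local, incl. 169.254.169.254 (EC2/GCP/Azure IMDS)
    "0.0.0.0/8", "fe80::/10", "fc00::/7",              # added beyond the page's list: this-host, IPv6 link-local, ULA
)]

class SSRFBlocked(ValueError): """Raised when a URL would reach a non-public target."""

def _system_resolve(host: str) -> list[str]:  # default: every A/AAAA answer from the system resolver
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def assert_public_url(url: str, resolve=_system_resolve) -> str:
    """Raise SSRFBlocked unless the scheme and every resolved address are public; return the pin:
    the fetch dials that IP with Host taken from the URL, so DNS rebinding after this check cannot redirect it."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme {parts.scheme!r} is not allowed")
    host = parts.hostname
    if not host:
        raise SSRFBlocked("URL has no host")
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP: nothing to resolve
    except ValueError:
        addrs = resolve(host)                      # hostname: check all answers, not just the first
    if not addrs:
        raise SSRFBlocked(f"{host!r} does not resolve")
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])  # strip an IPv6 zone id such as %eth0
        ip = getattr(ip, "ipv4_mapped", None) or ip       # ::ffff:127.0.0.1 is checked as 127.0.0.1
        if any(ip in net for net in BLOCKED_NETWORKS):
            raise SSRFBlocked(f"{host!r} resolves to non-public address {addr}")
    return addrs[0]

def is_blocked(url: str, resolve=_system_resolve) -> bool:
    try:
        assert_public_url(url, resolve)
    except SSRFBlocked:
        return True
    return False

CONSTRUCTED_DNS = {  # constructed table so the guard can be exercised offline; not real hosts
    "api.constructed.example": ["203.0.113.10"], "metadata.constructed.example": ["169.254.169.254"],
    "dual.constructed.example": ["203.0.113.10", "10.0.0.5"]}
constructed_resolve = lambda host: CONSTRUCTED_DNS.get(host, [])
```

With httpx, connect to the returned IP and send the original hostname in the Host header (and SNI for HTTPS), so the address checked here is the one actually dialled.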

§ 09

Rate limits & abuse controls

Per-key and per-IP rate limits are enforced at the API edge via a sliding-window counter. Authenticated calls get the ceilings advertised on /pricing; unauthenticated marketing endpoints (FAQ search, waitlist, support contact) are capped at 60 req/min per IP.

Brute-force login attempts are throttled with exponential backoff. Idempotency keys de-duplicate retries on mutating endpoints for 24 hours. Account creation from a new IP triggers an email verification step before write access is granted.

§ 10

Audit logging

Sensitive actions — credential creation, data export, data erasure, plan change, team membership change, billing method change — are written to the admin_audit_events table with actor, action, resource, before-state, after-state, and a monotonic timestamp. Logs are retained 24 months and are exportable on request.

Application-level access logs (Caddy + uvicorn) are forwarded to a hardened log collector and retained 90 days. PII in log bodies is scrubbed before persistence.

§ 11

Dependency & supply chain

Python dependencies are pinned in requirements.txt; JavaScript dependencies are pinned in package-lock.json. Dependabot opens PRs for security advisories, which we triage within 3 business days.

Container images use minimal base layers (python:3.13-slim, node:22-alpine) built in multi-stage Dockerfiles. Build artifacts are scanned with Trivy in CI; high-severity CVEs block the merge.

§ 12

Operational security

Production access is restricted to named operators via SSH key auth (no passwords) on a non-default port. All operator sessions are tmux-recorded for 90 days. Secrets live in environment variables on the host, loaded from an encrypted secrets file with direnv; no secret ever lands in the repo or image layers.

Alembic schema integrity is verified on every boot — if the database is at a revision below head, the backend refuses to start in production. Status checks (/status) probe DB latency and schema parity every 60s.

Incident response follows a written runbook with severity tiers (SEV-1 through SEV-4), an on-call rotation, and a 24-hour breach-notification commitment for any event involving Customer Data.

§ 13

Compliance roadmap

  • HIPAA: Business Associate Agreement available on the Scale plan and in all Enterprise contracts. Technical and administrative safeguards per 45 CFR §164.308 / §164.312 are enforced on BAA-scoped tenants.
  • GDPR / UK GDPR: Article 28 processor obligations met via our Data Processing Addendum.
  • CCPA / CPRA: In compliance; no sale of personal information.
  • SOC 2 Type II: engagement begins Q3 2026, report targeted for Q2 2027.
  • ISO 27001: gap assessment scheduled for Q4 2026.

§ 14

Responsible disclosure

If you believe you've found a vulnerability, email security@humaneai.vaarak.com. We commit to:

  • Acknowledge within 24 hours.
  • A triage decision within 72 hours.
  • A fix plan within 7 business days for high-severity issues.
  • Not pursue legal action against good-faith researchers who follow this policy.

We'll credit you in release notes if you'd like, and — once our bug bounty program is live (Q4 2026) — will pay monetary rewards for qualifying reports.