Security & compliance

We hold ourselves to our customers' standard.

HaloFortress is built for teams that get audited. Continuous evidence collection, signed audit trails, region-pinned data residency, and the certifications you need to satisfy procurement.

Certifications

Compliance attestations and audit programs

SOC 2 Type II

Annual Type II report; continuous monitoring program.

ISO 27001

ISO 27001:2022 certified. Renewed annually.

HIPAA

HIPAA-aligned controls; BAA available on request.

FedRAMP Moderate

FedRAMP Moderate authorization. StateRAMP also available.

PCI-DSS

PCI-DSS Level 1 attestation.

GDPR

EU-region tenants. Standard Contractual Clauses + DPA.

Architecture

How HaloFortress is built

Per-tenant isolation

Each customer tenant runs in an isolated logical control plane with its own encryption keys.

Region pinning

Pick a tenant region during provisioning. Data stays in-region unless you opt to replicate.

AES-256 + TLS 1.3

Encryption at rest and in transit. Customer-managed keys (CMK) via AWS KMS or Google Cloud KMS are available on the Enterprise tier.

Signed audit trails

Every policy decision is signed and exportable to your SIEM.

Continuous attestation

SOC 2 monitoring and ISO 27001 controls evaluated daily, not annually.

Sub-processors

Public sub-processor list. 30-day notice on changes via email and the trust center.

FAQ

Security questions, answered

What compliance certifications does HaloFortress hold?

SOC 2 Type II, ISO 27001:2022, HIPAA (covered entity and business associate), PCI-DSS Level 1, GDPR, and FedRAMP Moderate. We re-attest SOC 2 annually with a continuous monitoring program, not point-in-time audits.

Where is HaloFortress hosted?

AWS and Google Cloud across North America (us-east-2, us-west-2), EU (eu-west-1, eu-central-1), UK (eu-west-2), and APAC (ap-southeast-1, ap-southeast-2, ap-south-1). Customers choose a primary region during tenant provisioning. Data does not leave the chosen region without explicit consent.

How is customer data encrypted?

AES-256-GCM at rest with per-tenant data-encryption keys (DEKs) wrapped by per-region key-encryption keys (KEKs) in AWS KMS or Cloud KMS. TLS 1.3 in transit. Optional customer-managed keys (CMK) for Enterprise tier with per-tenant HSMs.
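The envelope scheme described in that answer, as an added Go sketch that is not HaloFortress code: a fresh per-tenant DEK seals the data, and the DEK is itself sealed under a region KEK, with the in-process KEK wrap standing in for the KMS Encrypt/Decrypt call. Binding the tenant ID as AEAD associated data is an assumption added here, not something the page states; it is what makes a wrapped DEK unusable if it is presented under another tenant.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// aead returns AES-256-GCM over key; a wrong key length is a caller bug, so it panics.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 { // AES-256 needs exactly 32 bytes
		panic("envelope: key must be 32 bytes")
	}
	g, _ := cipher.NewGCM(block) // only errors for non-16-byte block ciphers
	return g
}

// seal returns nonce||ciphertext||tag, with aad bound into the tag.
func seal(key, plaintext, aad []byte) []byte {
	g := aead(key)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // fresh random nonce per message; Read is guaranteed not to fail since Go 1.24
	return g.Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal; it fails if the key, tag or aad does not match.
func open(key, sealed, aad []byte) ([]byte, error) {
	g := aead(key)
	if n := g.NonceSize(); len(sealed) >= n {
		return g.Open(nil, sealed[:n], sealed[n:], aad)
	}
	return nil, errors.New("envelope: ciphertext too short")
}

// EncryptForTenant: fresh 256-bit DEK, data sealed under it, DEK wrapped under the region KEK (KMS Encrypt stand-in) with the tenant ID as AAD (assumed binding).
func EncryptForTenant(kek []byte, tenantID string, data []byte) (wrappedDEK, ct []byte) {
	dek := make([]byte, 32)
	rand.Read(dek)
	return seal(kek, dek, []byte(tenantID)), seal(dek, data, []byte(tenantID))
}

// DecryptForTenant unwraps the DEK (KMS Decrypt stand-in), then opens the data; a DEK wrapped for another tenant fails at unwrap.
func DecryptForTenant(kek []byte, tenantID string, wrappedDEK, ct []byte) ([]byte, error) {
	dek, err := open(kek, wrappedDEK, []byte(tenantID))
	if err != nil {
		return nil, err
	}
	return open(dek, ct, []byte(tenantID))
}
```

In production the KEK never leaves the KMS; only the wrapped DEK and the nonce-prefixed ciphertext are stored next to the tenant's data.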

Does HaloFortress support customer-managed encryption keys?

Yes, on Enterprise. CMK via AWS KMS, Google Cloud KMS, or HSM-backed keys. Key rotation, audit logging, and revocation are managed from your cloud account, not ours.

How are vulnerabilities handled?

Continuous SAST/DAST in CI, third-party penetration tests twice a year (Bishop Fox and NCC Group), and a public bug bounty on HackerOne. Critical findings are remediated within 24 hours, high within 7 days, and medium within 30 days, with public post-mortems for any production-impacting issue.

Where can I get HaloFortress security documentation?

The trust center at trust.halofortress.com hosts the SOC 2 Type II report, ISO 27001 certificate, HIPAA BAA, FedRAMP authorization, penetration test summaries, sub-processor list, and DPA. Most documents are available under NDA on request via security@halofortress.com.

For specific procurement requirements, contact security@halofortress.com. Public trust center at trust.halofortress.com.