The security and integrity of user data are paramount at HASH. Many businesses, including our own, rely on HASH simulations to process sensitive personally identifiable information, and to predict and manage critical business risks.
We have implemented a mix of physical, human, systems and software security measures to minimize risk. A number of the steps we take are outlined in our Privacy Guarantee.
All HASH employees and contractors sign non-disclosure agreements prior to beginning work. Access to platform infrastructure is strictly limited to engineers who require such access as part of their role, and we employ role-based access authentication by default throughout our systems. Access permissions are granted based on the principle of least privilege, and we enforce multi-factor authentication across our stack. System access attempts are logged, and controls are in place to prevent brute-force and other attacks.
Our payment processor, Stripe, has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
We value the work of security researchers who help keep our users safe. To show our appreciation, we operate a bug bounty that rewards the responsible, confidential disclosure of vulnerabilities. At its discretion, HASH may reward the responsible disclosure of design or implementation issues that could be used to undermine the confidentiality or integrity of our users’ data. Qualifying vulnerabilities must:
We do not reward reports relating to (i) denial of service, (ii) spam, or (iii) phishing/social engineering vulnerabilities, and do not permit research in relation to these to take place on our live systems without express prior written permission. To request such permission, please let us know your specific research interest by reaching out directly through the form at hash.ai/contact.
If you have any additional concerns or queries, please get in touch with us directly via the form at hash.ai/contact.
Policy last updated on 2020-04-10