Last updated 2026-04-02

Security at HASH

The security and integrity of user data is paramount at HASH. We have implemented comprehensive physical, human, systems, and software security measures to protect your data.

Trust Center Controls

Verified security controls

Independently verified and tracked in our Trust Center by Vanta.

Infrastructure Security

Controls governing the security of our cloud infrastructure, network architecture, and production environments.

  • Hosted on AWS, GCP, Azure & Cloudflare
  • Encryption at rest and in transit (SSL/TLS)
  • Vulnerability scanning and threat monitoring
  • Business continuity and disaster recovery
  • Incident response with live status at status.hash.ai

Organizational Security

Policies and procedures ensuring our people, processes, and organizational practices meet the highest security standards.

  • SOC 2 framework compliance
  • Independent third-party audits and pen testing
  • Employee background checks
  • Security awareness training for all staff
  • Confidentiality agreements for employees and contractors

Product Security

How we build, test, and maintain the security of our products throughout the software development lifecycle.

  • Secure data transmission protocols
  • Data encryption at rest for sensitive customer data
  • Annual penetration testing and remediation
  • Comprehensive vulnerability management
  • Continuous system monitoring

Internal Security Procedures

The internal processes, change management, and governance structures that keep our operations secure.

  • Business continuity and disaster recovery
  • Change management and authorization
  • SDLC methodology
  • Board oversight with security expertise
  • Defined roles and reporting lines

Data and Privacy

Controls around how we classify, handle, retain, and dispose of data to protect your privacy.

  • Data classification and retention policies
  • Customer data purged on service departure
  • US Data Privacy Framework certified
  • EU-only hosting available via hash.eu
  • PCI-certified payment processing via Stripe

Compliance & Certifications

HASH maintains an Information Security Program following the SOC 2 Framework. Our organization undergoes independent third-party assessments, including penetration testing, at least annually.

Vendor Risk Management

We undergo at least annual risk assessments covering fraud, social, and insider risk. All vendors are reviewed prior to authorization, and payment processing is handled by Stripe, certified to PCI Service Provider Level 1.

Incident Response & Uptime

We maintain a documented incident response process with escalation procedures, rapid mitigation, and timely communication. Real-time service health is publicly available at status.hash.ai.

GDPR Compliant

HASH is fully compliant with the EU General Data Protection Regulation (GDPR). We offer EU-only hosting via hash.eu, and operate through entities and offices in the UK and Germany.

Data Privacy Framework

HASH is one of only a few thousand companies worldwide recognized under the EU-US Data Privacy Framework. We are also recognized and compliant under the UK Extension to the EU-US DPF as well as under the Swiss-US DPF.

Subprocessors

A full list of the subprocessors used by HASH is maintained in our Trust Center. Enterprise customers can customize the subprocessors used based on their security requirements. Contact us to learn more.

Bug Bounty

Responsible disclosure

We value the work of security researchers who help keep our users safe, and operate a bug bounty program.

Invitation to test

To show our appreciation for security researchers, we operate a bug bounty that rewards the responsible, confidential disclosure of vulnerabilities.

Bounty terms

At its discretion, HASH may reward the responsible disclosure of design or implementation issues that could be used to undermine the confidentiality or integrity of our users' data. Qualifying vulnerabilities must:

  1. be disclosed to us privately with reasonable time to respond
  2. avoid compromising other users and accounts
  3. avoid the loss of funds that are not your own

We do not reward reports relating to denial of service, spam, or phishing/social engineering vulnerabilities, and do not permit research in relation to these on our live systems without express prior written permission. We are unable to monetarily reward reports received from individuals or entities currently subject to UK, US or EU sanctions, or who have not agreed to our general terms.

Have questions, want to report a vulnerability, or need permission to research?

Get in touch

Privacy & Legal

Further details about how we protect your data can be found in our Privacy Statement and Legal policies.
