Trust & Security
HarborGuard scans the software supply chain, so we treat our own security posture as a first-class product feature. This section is the public-facing summary that vendor-risk and procurement teams can rely on during due diligence.
HarborGuard is an early-stage product, and this Trust section is an honest snapshot of where we are today rather than a roadmap of where we plan to be. We are not currently engaged in any formal compliance audits and hold no third-party certifications yet. We will update each page as the product matures, audits begin, and certifications are issued — so customers and prospects can follow our progress with confidence.
At a glance
| Area | Status |
|---|---|
| SOC 2 Type II | Not yet pursued — planned as we mature |
| ISO 27001 | Not yet pursued — planned as we mature |
| HIPAA BAA available | Not currently offered |
| PCI-DSS scope | Out of scope (card data handled by Stripe) |
| FedRAMP | Not pursued |
| Encryption in transit | TLS 1.2+ |
| Encryption at rest | AES-256-GCM envelope encryption for credentials |
| Customer data residency | US (primary) |
In this section
Certifications
Where HarborGuard stands on formal audits today, and how that will change as we mature.
Data Protection
Encryption, key management, retention, and deletion commitments.
Sub-processors
Third parties that may process HarborGuard customer data.
Incident Response
Notification commitments and the incident severity model.
Vulnerability Disclosure
Coordinated disclosure policy and researcher safe-harbor terms.
Contact
- Security and disclosure: security@harborguard.co
- Privacy and DPA requests: privacy@harborguard.co
- Vendor due diligence: trust@harborguard.co