Security and Data Handling Statement

Architectural principles

• explicit authority levels and organization-scoped visibility
• controlled mutation pathways and canonical data ownership
• audit-capable operational flows
• deterministic synchronization behavior
• validation and protection layers

Infrastructure protections

• encrypted HTTPS communication
• firewall-protected public infrastructure
• Tailnet-first communication with organization-local DB agents
• tenant-scoped local persistence and encrypted backup support
• secure authentication, session handling, and controlled gateway-to-service communication

Authentication and authorization

The platform uses authenticated access and organization-scoped authorization. Operational permissions and visibility permissions are intentionally separated.

Transactional email

HERMÉSZ uses transactional and operational email only. It does not operate unsolicited bulk marketing campaigns.

Development status and reporting

HERMÉSZ is in controlled pilot deployment and active operational development. Security hardening, auditability, and stability remain ongoing priorities.

To report a suspected security issue, email [email protected] with the subject prefix [security]. Do not include passwords, tokens, private keys, or sensitive personal records in the first message.