Security is the reason HorizonShield exists. We treat it as a continuous practice, not a checkbox — and we are deliberate about what we say in public, because attackers read these pages too.
How we think about security
- Defense in depth. No single control is treated as final. Identity, network, application, data, and operational layers each have independent guards.
- Least privilege. People and systems get the access they need to do their job, and no more. Access is reviewed regularly.
- Encryption. All customer data is encrypted in transit (TLS). Backups are encrypted at rest, with keys managed by HS Vault under split duty. Field-level encryption of stored personal data is being rolled out.
- Secure software lifecycle. Code is reviewed before merge, builds are reproducible, and dependencies are scanned and patched on a defined cadence.
- Continuous monitoring. HS Sentinel watches the platform around the clock. Anomalies are triaged by humans, not silently dropped.
- Incident readiness. We rehearse our response playbook so that when something does happen the first ten minutes are practiced, not improvised.
Customer-facing commitments
- Strong authentication for every customer account, with multi-factor required by default for privileged roles
- Regular internal security assessments; independent third-party assessment planned
- Tamper-evident audit trails for sensitive operations
- Tested backups with documented recovery objectives
- A breach-notification process that prioritizes affected customers first
Data handling
- Customer data is segregated between organizations
- Production access is restricted to a small number of trained personnel and is logged
- Customer data is not used to train external models
- Data residency requirements are honored where contractually agreed
Working with us
- Researchers — see our Responsible Disclosure page
- Customers — your dedicated security contact is your first call
- Everyone else — security@horizonshield.cloud