Security architecture for financial execution

Hardalion is built for teams where errors are expensive and controls are non-negotiable.

This page summarizes our baseline security model across websites and products. Product agreements may include additional commitments. For personal data practices, see the Privacy Policy; for acceptable use and liability limits, see the Terms of Service.

TLS 1.3

Data in transit

AES-256

Encryption at rest

24/7

Security monitoring

Data & Encryption

  • • AES-256 encryption at rest
  • • TLS 1.3 for in-transit traffic
  • • Key management and rotation controls
  • • Sensitive paths isolated by design

Access Control

  • • Multi-factor authentication (MFA)
  • • Role-based access controls (RBAC)
  • • Session and token lifecycle controls
  • • Production access constrained to essential personnel

Monitoring & Response

  • • 24/7 monitoring and alerting
  • • Real-time anomaly and threat detection
  • • Tamper-evident audit trails
  • • Incident response playbooks and escalation paths

Compliance Posture

  • • GDPR compliant
  • • SOC 2 Type II and ISO 27001 on our roadmap
  • • Security controls designed for regulated environments
  • • Recurring security reviews and hardening
  • • Designed to support customers meeting applicable regulatory requirements (specific obligations depend on your jurisdiction and use case)

Vulnerability disclosure

If you identify a potential vulnerability, report it to security@hardalion.com with reproduction details. We support responsible disclosure and work with reporters to validate and remediate credible findings.

Operational resilience

We maintain incident response, backup, and recovery procedures aligned with system criticality. More specific response windows and notification commitments may be defined in enterprise agreements.

Payment and customer responsibilities

Payment card data is processed by our merchant and payment partners under their PCI DSS obligations. Security remains shared: enable MFA, protect credentials and API keys, and follow your internal access policies when connecting external tools.