HARCHAtelier
Trust Center · Security & Compliance

Security built for
enterprise reputation.

We monitor the reputations of Morocco's largest companies. That means we hold ourselves to the same standards our clients are held to. Here's how we protect your data and ours.

GDPR Compliant
Loi 09-08 Compliant
SOC 2 In Progress
99.9% Uptime SLA
24/7 Incident Response
Compliance frameworks

Standards we adhere to.

Compliant
GDPR
EU General Data Protection Regulation
Compliant
Loi 09-08
Moroccan Data Protection Law (CNDP)
In progress (Q4 2026)
ISO 27001
Information Security Management
In progress (Q1 2027)
SOC 2 Type II
Service Organization Controls
Planned
ISO 9001
Quality Management System
Not applicable
HDS
Hébergeur Données de Santé (healthcare)
Security practices

How we protect your data.

🔒

Data encryption

TLS 1.3 for all data in transit
AES-256 at rest for all databases and backups
Encrypted secrets via HashiCorp Vault
Customer data isolated per tenant
🔑

Access control

Role-based access control (RBAC)
SSO via Google Workspace, Microsoft 365
Multi-factor authentication enforced
Just-in-time access for engineers

Infrastructure

Hosted on Vercel (SOC 2 Type II compliant)
Database: Supabase (ISO 27001, SOC 2)
Daily encrypted backups, 30-day retention
99.9% uptime SLA

Audit & monitoring

All access logged and retained 1 year
Real-time anomaly detection
Quarterly access reviews
Annual third-party penetration testing

Data handling

Data residency: EU (Frankfurt) by default
Customer data never used for model training
Right to deletion within 30 days
Data Processing Agreement (DPA) on request

Incident response

24/7 incident response team
Customer notification within 72 hours
Post-incident review within 14 days
Bug bounty program (critical: $5K)
Security inquiries

Have a security question?

Our security team responds to all inquiries within 24 hours. For urgent vulnerabilities, email security@harchcorp.com with PGP encryption.

Email security team →Request DPA