
Trust Center

SOC 2 (In Progress) — 100% (58/58 requirements · 183 controls) via Drata. Every policy, control artifact, and compliance document — searchable and downloadable. Built on NIST FIPS 203/204/205 standards.

Continuously monitored via Drata

Compliance Timeline

Active certifications and planned milestones for H33 security compliance.

SOC 2 (In Progress) · 100% (58/58) · Active
HIPAA · In Progress · Q3 2026
ISO 27001 · In Progress · Q3 2026
GDPR · Ready · Active
PCI DSS · Planned · Q4 2026

Health Data Protection

H33 protects PHI with post-quantum cryptography. Every health data field is encrypted with Kyber-1024, processed under FHE without decryption, and audited with Dilithium-signed immutable logs.

Security Management

§164.308(a)(1)

Risk assessment, treatment plan, and continuous monitoring via Drata. SOC 2 (In Progress) certified with 116 controls.

Implemented

Access Control

§164.312(a)

Unique user identification, session timeout, AES-256/Kyber-1024 encryption at rest. FHE enables computation without decryption.

Implemented

Audit Controls

§164.312(b)

Immutable append-only audit logs with SHA3-256 chain hashing. PHI field-level access tracking. 7-year retention.

Implemented

Transmission Security

§164.312(e)

TLS 1.2/1.3 on all connections. Kyber-1024 + AES-256-GCM hybrid encryption for harvest-now-decrypt-later resistance.

Implemented

Encryption at Rest

§164.312(a)(2)(iv)

All RDS instances and S3 buckets KMS-encrypted. EBS default encryption. Field-level Kyber-1024 for PHI via H33-Health.

Implemented

Contingency Plan

§164.308(a)(7)

Automated daily backups with KMS encryption. Multi-AZ RDS deployment. Point-in-time recovery on all production databases.

Implemented

Information Security Management

H33 is building its ISMS on SOC 2 (In Progress) certification, post-quantum cryptography, and continuous compliance monitoring via Drata and AWS Security Hub.


Security Policies

A.5.1 – A.5.8

Documented information security policy, roles, responsibilities, and segregation of duties via Drata policy framework.

Implemented

Access Control

A.5.15 – A.5.18

IAM policies, MFA enforcement, 14-char password minimums, 90-day rotation, and role-based FHE permissions.

Implemented

Cryptography

A.8.24

Kyber-1024 key encapsulation, Dilithium signatures, AES-256-GCM symmetric encryption. All KMS keys with annual rotation.

Implemented

Logging & Monitoring

A.8.15 – A.8.17

CloudTrail (multi-region, KMS-encrypted), VPC flow logs, GuardDuty, AWS Config continuous recording, immutable audit logs.

Implemented

Network Security

A.8.20 – A.8.22

VPC network segmentation, locked default security groups, TLS 1.2/1.3, nginx rate limiting, IAM Access Analyzer.

Implemented

Incident Management

A.5.24 – A.5.28

Incident response plan with severity classification, escalation procedures, SNS alerting, and 14 CIS benchmark alarms.

Implemented
