Security at Hexel Studio

Trust is the foundation of our platform. We are deeply committed to protecting your data.

v1.2Last Updated: July 20, 2025

Jump to section

Our CommitmentCore PrinciplesInfrastructure SecurityData Security & PrivacyApp & Model SecurityIdentity & AccessComplianceMonitoring & ResponseResponsible Disclosure

1. Our Commitment to Security

Security is not an afterthought; it is a core principle embedded in every layer of our engineering, operations, and company culture.

2. Core Security Principles

Security by Design

Built into every phase of development.

Zero Trust

"Never trust, always verify."

3. Platform & Infrastructure

  • Secure Cloud: Built on AWS.
  • Network Isolation: Production environments operate within a VPC.

4. Data Security & Privacy

Protecting confidentiality and integrity is our priority.

EncryptionTLS 1.2+ in transit and AES-256 at rest.
Secret ManagerCredentials are encrypted in a hardened vault.

5. Application & Model Security

  • Secure Development: Peer reviews and automated testing.
  • AI-Specific Threats: Safeguards against prompt injection.

6. Identity & Access Management

We utilize Role-Based Access Control (RBAC) and enforce Multi-Factor Authentication (MFA).

7. Compliance & Governance

We comply with GDPR/CCPA and are working towards SOC 2.

8. Monitoring & Incident Response

We use advanced anomaly detection and have a dedicated Incident Response Plan.

9. Responsible Disclosure

If you find a vulnerability, please report it promptly.

security@hexelstudio.com