TRUST CENTER
Security architecture
Hisar is designed to keep your data inside your institution's boundary. The core elements are below.
On-premise boundary
All processing happens inside your boundary. The appliance makes no outbound calls by default and supports air-gapped deployment.
Secure boot & TPM
Hardware is secured with secure boot and TPM. Disk-encryption keys are generated on-device and ownership passes to the customer.
Signed offline updates
Updates are applied via cryptographically signed bundles without internet. Nothing installs before the signature is verified.
Role isolation
Divan defines roles, retention, and redaction. Who can ask what and what gets redacted is configurable and logged.
Audit log
Every action is logged. Evidence packs are generated ready for internal audit and regulator reporting.
Zero default data egress
The appliance does not phone home. Support access is customer-initiated, logged, and time-boxed.