TRUST CENTER

Security architecture

Hisar is designed to keep your data inside your institution's boundary. The core elements are below.

On-premise boundary

All processing happens inside your boundary. The appliance makes no outbound calls by default and supports air-gapped deployment.

Secure boot & TPM

Hardware is secured with secure boot and TPM. Disk-encryption keys are generated on-device and ownership passes to the customer.

Signed offline updates

Updates are applied via cryptographically signed bundles without internet. Nothing installs before the signature is verified.

Role isolation

Divan defines roles, retention, and redaction. Who can ask what and what gets redacted is configurable and logged.

Audit log

Every action is logged. Evidence packs are generated ready for internal audit and regulator reporting.

Zero default data egress

The appliance does not phone home. Support access is customer-initiated, logged, and time-boxed.

← Trust Center