Security - Hanzo

Focus on what’s important. Leave the rest to us.

At Hanzo, we’re redefining data discovery with simplicity and efficiency. Our security experts tirelessly update systems and policies to meet standards trusted by Fortune 500 companies. With Hanzo, you’re equipped with enterprise-level security without the overhead of a dedicated team. Exactly what you need—nothing more, nothing less.

SOC2 Type 2 Certified

Simplicity and security go hand in hand. In October 2019, Hanzo achieved SOC2 Type 2 certification, a testament to our unwavering commitment to safeguarding data. This certification confirms our rigorous controls against unauthorized access, both digital and physical. An independent CPA firm adhering to AICPA’s stringent standards, meticulously audits our security practices, ensuring they’re not just promises but proven practices. Interested in diving deeper? Our SOC2 report awaits, ready to share under NDA whenever you are.

Trusted Approach

Hanzo’s enterprise ediscovery and compliance solutions are developed with industry best practices, legal defensibility, and security in mind. Companies trust and adopt our software into their enterprise ecosystems because Hanzo demonstrates its commitment to security across three critical security domains: company, application, and hosting provider.

Secure Architecture

Hanzo’s applications are designed to be secure, from the application development process to data retention to encryption, authentication, and authorization. All customer information is encrypted when transmitted to and from Hanzo’s applications and a customer’s web browser via HTTPS (data-in-transit). All customer information retained on Hanzo’s storage systems is encrypted using unique 256-bit encryption keys with strict access control (data-at-rest).

Access Controls & Authentication

Hanzo encourages all customers to use single sign-on (SSO) to ensure a secure authentication and user identification process. SSO allows your existing account provisioning and de-provisioning, and robust password controls.

Privacy Compliance

Hanzo respects the privacy and confidentiality of all customer data and strictly adheres to GDPR practices and protocols. We comply with the EU Global Data Protection Regulation and US domestic privacy regulations such as the California Consumer Privacy Act (CCPA) of 2018. For more specifics, visit the Hanzo privacy policy.

Data Retention

Hanzo Chronicle retains customer data per our customers’ instructions, with no automatic disposition or destruction of data. Customers can direct us to return and/or dispose of their data pursuant to their instructions. Hanzo Illuminate retains data if it is subject to a legal hold or compliance obligation. Once the hold or compliance obligation is removed, data no longer subject to a hold will be deleted automatically, and an audit record will remain to document the process.

Availability

Hanzo uses the top hosting providers in the world, such as Amazon AWS and Google Cloud, to ensure that we provide our customers with a secure environment that is always available.