Security
How we protect your data
Security is fundamental to H1 Vault. Here's how we keep your documents and data safe.
Encryption at rest
All documents are encrypted using AES-256 before being stored. Encryption keys are managed separately from the data.
Encryption in transit
All connections to H1 Vault are encrypted with TLS 1.2+. We enforce HTTPS on all endpoints.
Access controls
Document-level permissions, buyer groups, and access phases let you control exactly who sees what and when.
Audit logging
Every action is logged with timestamps, user identity, and IP address. Audit logs are exportable for compliance reviews.
Magic link authentication
We use passwordless authentication via magic links. No passwords are stored on our servers, eliminating credential-based attacks.
Rate limiting
API endpoints and authentication flows are rate-limited to prevent brute force attacks and abuse.
Report a vulnerability
If you discover a security issue, please report it responsibly. We take all reports seriously.
Report a vulnerability