Trust & Security

How we protect your data

HAiCapita is an Egypt-based information-security company. This is an honest look at our actual security posture — with no overstated claims.

We run our own storage

Your data is held in HAiCapita-operated PostgreSQL databases and MinIO object storage — not a third-party storage cloud. Data is encrypted in transit (TLS) and at rest.

Tamper-evident audit trail

Every state-changing action is written to a hash-chained, write-once (WORM) audit log. Reordering, deleting or altering a record breaks the chain and is detectable.

Sovereignty engine

Data and AI operations pass through a sovereignty engine so that the tenant’s jurisdiction drives behaviour — keeping processing aligned with the rules that apply to you.

MENA data residency

Our managed service stores data with MENA-region residency, designed for organisations that must keep data in-region.

Air-gapped option

The same platform ships as a fully air-gapped, on-premises deployment with zero external egress — all data stays inside your own infrastructure, with no external sub-processors.

Access control & MFA

Identity is managed by Keycloak with role-based access control and multi-factor authentication for administrators. Network access is fronted and protected by Cloudflare.

Sub-processors

We keep the list deliberately small. Our managed service uses only these two; the air-gapped deployment uses neither.

SendGrid (Twilio): Transactional email — verification codes and essential notices only.
Cloudflare: Network edge, DNS and secure tunnel. Not a data store.

Certifications

Honestly: we do not currently hold a third-party-certified SOC 2 or ISO certification. Our posture is self-assessed and we are working towards external certification.

In progress: SOC 2. Pursuing — not yet certified.
In progress: ISO/IEC 27001. Aligned controls; certification in progress.
Self-assessed: Internal security posture. Self-assessed today — see your tenant Trust Center for live coverage.

Breach notification

If a personal-data breach occurs that is likely to affect you, we commit to notifying the relevant controller — and, where we are the controller, affected individuals and authorities — without undue delay and within the timeframes the applicable law requires.

Want the full detail?

Read our Privacy Policy and Data Processing Addendum, or contact us for the sub-processor list and security measures.