SOC 2 Type II Certified

Your family's data is safe and secure

We take security seriously. From enterprise-grade encryption to regular third-party audits, every decision is made with your family's privacy and safety in mind.

Certifications & compliance

Independently verified security standards

SOC 2 Type II Certified
Independently audited for security, availability, and confidentiality controls
Certified

GDPR Compliant
Full compliance with EU data protection regulations
Compliant

CCPA Compliant
California Consumer Privacy Act compliance for US users
Compliant

ISO 27001 (In Progress)
International standard for information security management
Q3 2026

How we protect your data

Multiple layers of security to keep your family's information safe

End-to-end encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your family's information is protected at every step.

Secure infrastructure

Hosted on Supabase (AWS) and Vercel with enterprise-grade security, automatic backups, and 99.9% uptime SLA. Infrastructure is monitored 24/7.

Privacy by design

We collect only what's necessary and never sell your data. Your family's information belongs to you, not advertisers or third parties.

Role-based access control

Granular permissions ensure family members only see what's appropriate for their role. Parents control access, teens get autonomy, kids stay safe.

Incident response

Dedicated security team with 24/7 monitoring and a documented incident response plan. We'll notify you within 72 hours of any breach affecting your data.

Regular security audits

Quarterly penetration testing by independent security firms, plus continuous automated vulnerability scanning and dependency updates.

Data protection in detail

Technical safeguards at every layer

Encryption at rest

AES-256 encryption for all stored data including documents, photos, and personal information.

Encryption in transit

TLS 1.3 for all connections between your devices and our servers. No unencrypted data transmission.

Secure authentication

OAuth 2.0 with Google, Microsoft, and Apple. Optional 2FA for additional account protection.

Data isolation

Row-level security ensures households can never access each other's data. Complete logical separation.

Automated backups

Daily encrypted backups with 30-day retention. Point-in-time recovery available for data restoration.

Secure deletion

When you delete data, it's permanently removed from all systems within 30 days, including backups.

Enterprise infrastructure

Built on trusted, battle-tested platforms

Supabase (PostgreSQL on AWS)
Database and authentication hosted on Amazon Web Services with automatic failover, daily backups, and point-in-time recovery
  • 99.9% uptime SLA with multi-region redundancy
  • Row-level security (RLS) for complete data isolation
  • Automated daily backups with 30-day retention

Vercel Edge Network
Application hosting on Vercel's global edge network for fast, secure delivery
  • Automatic DDoS protection and WAF (Web Application Firewall)
  • TLS 1.3 encryption for all connections
  • Zero-downtime deployments with instant rollback

Compliance standards

Meeting global privacy and security regulations

SOC 2 Type II

Annual third-party audit of our security controls, policies, and procedures.

GDPR

Full compliance with EU General Data Protection Regulation including data portability and right to deletion.

CCPA

California Consumer Privacy Act compliance for transparency and user control.

COPPA

Children's Online Privacy Protection Act compliance for users under 13.

Security incident response

We take security incidents seriously and have a documented response plan

24/7 Monitoring

Our security team monitors systems around the clock with automated alerting for suspicious activity, unauthorized access attempts, and anomalies.

Rapid Response

Security incidents are triaged within 1 hour and addressed immediately. Our incident response team follows a documented playbook for containment, investigation, and remediation.

Transparent Communication

If a breach affects your data, we'll notify you within 72 hours via email with details about what happened, what data was affected, and what steps we're taking.

Report a security issue:

security@hunidu.family

Security researchers welcome

We believe in responsible disclosure and work with security researchers to keep HuniDu safe. Our bug bounty program rewards researchers who help us identify vulnerabilities.

Questions about security?

Our security team is here to answer your questions and provide additional documentation.