Hyperscience Security Overview

At Hyperscience, protecting customer data is at the core of everything we do. Our security program is built on leading standards, independently validated by third-party audits, and continuously improved to stay ahead of evolving threats.

Certifications and Compliance

We align our program with globally recognized frameworks and undergo independent assessments to demonstrate effectiveness. Current certifications and attestations include:

SOC 2 Type II

We undergo an annual independent SOC 2 Type II audit that evaluates the design and operating effectiveness of our security, availability, and confidentiality controls over a defined period of time. This report provides assurance that Hyperscience consistently enforces the policies, processes, and technical safeguards necessary to protect customer data. Reports are available to customers under NDA.

FedRAMP High Authorization

Our SaaS solution, delivered in partnership with Palantir FedSTART, is authorized at the FedRAMP High impact level. This means it meets the most rigorous U.S. federal security requirements for protecting controlled unclassified information (CUI). The FedRAMP High baseline comprises over 400 controls across families such as access control, audit and accountability, incident response, and system and information integrity, making our platform suitable for agencies and contractors operating in highly regulated environments. View the Hyperscience listing on the FedRAMP Marketplace.

Cyber Essentials Plus

We maintain Cyber Essentials Plus certification, which is verified through an independent technical audit. This assessment validates that we have strong baseline defenses against common cyber threats, including secure configuration, boundary firewalls, patch management, malware protection, and access controls.

Alignment with HIPAA, GDPR, and CCPA

Our security and privacy practices are designed to support compliance with key privacy regulations:

  • HIPAA: We implement administrative, physical, and technical safeguards to help protect protected health information (PHI).
  • GDPR: We provide features to support customer compliance with EU data protection obligations, including data subject access, export, and deletion capabilities.
  • CCPA: We support customer responsibilities under California law by enabling role-based access controls, data minimization, and secure deletion workflows.

Security Practices

Our layered security program includes:

Vulnerability and Patch Management: Continuous scanning of infrastructure, code, and dependencies, with a regular patch cycle and hotfixes for urgent issues.

Penetration Testing: Annual independent penetration test at both the network and application levels to identify and remediate potential vulnerabilities.

Encryption Everywhere: AES-256 encryption for data at rest and TLS 1.2 or higher for data in transit. Encryption keys are generated, stored, and rotated through managed key services such as AWS KMS and HashiCorp Vault rather than in application configuration.

Secure Software Development Lifecycle (SDLC): Security is built into every stage of product development. We conduct threat modeling and security self-assessments during design, enforce secure coding standards during implementation, run automated scans and peer reviews on all code, and perform vulnerability scanning before release. Each release must pass security and quality gates before deployment.

Access Control: Strong authentication with MFA, SSO integration, and strict least privilege enforcement.

Logging and Monitoring: Centralized log collection across cloud and application layers, with automated alerting and continuous monitoring.

Incident Response: A documented and tested plan to detect, contain, and remediate incidents, including timely customer communication.

Business Continuity and Disaster Recovery: Annual testing, multi-AZ redundancy, a regularly exercised backup strategy, and defined RPO and RTO targets.

People and Training

Technology is only part of security. Our people are a key defense.

  • All employees receive security and privacy training at onboarding and annually thereafter.
  • Monthly phishing simulations build resilience against social engineering.
  • Engineers receive annual secure coding, change management, and SDLC training.

Physical Security

Our SaaS environments run in AWS and GCP data centers, and our FedRAMP environment runs in AWS GovCloud via Palantir FedSTART. These facilities are secured and certified by their providers against ISO 27001, SOC 2, and FedRAMP standards. Customers deploying on-premises remain responsible for the physical and infrastructure security of their own environment.

Shared Responsibility

Hyperscience maintains the security of the application and underlying infrastructure in our SaaS and FedRAMP environments. Customers are responsible for managing their users and access within the system (including identity provider and SSO configuration) and for the data they submit to and retrieve from it.

Trust and Transparency

We regularly review and update our policies, publish a security.txt file (RFC 9116) with contact information for reporting vulnerabilities, and welcome responsible security research from the community.
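A security.txt file only helps researchers if it is well-formed and current. The following is an added illustration, not Hyperscience's own code or its actual security.txt contents: a small validator for the RFC 9116 rules a practitioner checks most often (Contact and Expires present, Expires a timezone-aware ISO 8601 timestamp in the future and no more than about a year out, Contact values given as mailto:/https:/tel: URIs). The two sample files are constructed for the example.

```python
"""Check a security.txt body against the core RFC 9116 requirements (added example)."""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# RFC 9116 section 2.5: Contact and Expires are mandatory fields.
REQUIRED_FIELDS = ("contact", "expires")
# RFC 9116 section 2.5.3: Contact must be a URI; these are the common schemes.
CONTACT_SCHEMES = ("mailto:", "https://", "tel:")

# Constructed sample files, not from any real deployment.
GOOD_SAMPLE = """# Vulnerability disclosure contacts
Contact: mailto:security@example.com
Contact: https://example.com/security/report
Expires: 2025-12-31T23:59:00Z
Preferred-Languages: en
Canonical: https://example.com/.well-known/security.txt
"""

BAD_SAMPLE = """Contact: security@example.com
Policy: https://example.com/disclosure
"""


def parse_security_txt(text: str) -> Dict[str, List[str]]:
    """Return {lowercased field name: [values]}; blank and comment lines are skipped."""
    fields: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            raise ValueError(f"malformed line (no 'Field: value'): {line!r}")
        name, _, value = line.partition(":")
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def validate_security_txt(text: str, now: Optional[datetime] = None) -> List[str]:
    """Return a list of problems; an empty list means the file passed every check."""
    now = now or datetime.now(timezone.utc)
    problems: List[str] = []
    fields = parse_security_txt(text)

    for name in REQUIRED_FIELDS:
        if name not in fields:
            problems.append(f"missing required field: {name.capitalize()}")

    expires = fields.get("expires", [])
    if len(expires) > 1:
        problems.append("Expires must appear exactly once")
    for value in expires[:1]:
        try:
            # Accept the RFC 3339 'Z' suffix on Python versions that only parse offsets.
            exp = datetime.fromisoformat(value.replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"Expires is not an ISO 8601 timestamp: {value!r}")
            continue
        if exp.tzinfo is None:
            problems.append("Expires must carry a timezone offset")
        elif exp <= now:
            problems.append(f"file has expired (Expires {value})")
        elif exp - now > timedelta(days=366):
            problems.append("Expires is more than a year out; RFC 9116 recommends under a year")

    for value in fields.get("contact", []):
        if not value.startswith(CONTACT_SCHEMES):
            problems.append(f"Contact is not a mailto:/https:/tel: URI: {value!r}")

    return problems


if __name__ == "__main__":
    fixed_now = datetime(2025, 1, 1, tzinfo=timezone.utc)
    for label, sample in (("good", GOOD_SAMPLE), ("bad", BAD_SAMPLE)):
        print(label, validate_security_txt(sample, now=fixed_now))
```

The checker reads the file body only; in practice you fetch https://<host>/.well-known/security.txt over TLS first, and a signed file (a cleartext PGP signature around the body) should be verified before its Contact entries are trusted.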

Need more information/documentation? Contact us at https://www.hyperscience.ai/contact/