HEA4 Security

HEA4 uses HTTPS in transit and supports encrypted storage patterns for enterprise deployments. Customer data-plane deployments can be configured with customer-controlled KMS references where contracted.

Workspace data is scoped by organization and protected by backend authorization checks. Object access must be evaluated against the authenticated user, organization, and role before data is returned or modified.

HEA4 supports RBAC, MFA, passkeys for privileged platform access, short-lived access cookies, refresh-token rotation, and step-up checks for sensitive passkey operations.

Security-sensitive actions such as login failures, rate limits, password reset completion, passkey recovery, support access, role changes, and operational workflow changes are designed to be auditable.

HEA4 triages security events, rotates affected credentials, investigates tenant impact, and notifies affected customers according to contractual and legal obligations.

Report suspected vulnerabilities to security@hea4.com. The machine-readable policy is published at security.txt.