Enterprise Ready
Security and privacy at Harumi

Security
Our security and compliance program is built on documented policies, continuous monitoring, and recognized security frameworks.
ISO 27001 - In progress
We are building our information security management system (ISMS) in alignment with ISO 27001 best practices. This includes documented security policies, risk assessments, asset management, and continuous improvement of our security controls.
SOC2 Type II - In progress
We are actively undergoing our SOC 2 Type II audit through Vanta. Our security program includes documented policies, continuous monitoring, access controls, risk management, and employee security training aligned with the SOC 2 Trust Services Criteria.
LGPD & GDPR
Harumi processes personal data in accordance with the Brazilian LGPD and the European GDPR. We implement appropriate technical and organizational safeguards to protect customer data and support our customers' privacy obligations.
Controls
Our security program combines secure AWS infrastructure, strong access controls, continuous monitoring, and secure software development practices to help protect customer data and maintain platform reliability.
Hosted on AWS's secure, resilient cloud platform.
Secure network architecture
Monitoring and centralized logging
Automated backups and disaster recovery
Least-privilege access to production
Least-privilege access to systems and customer data.
Role-based access controls
Multi-factor authentication
Periodic access reviews
Immediate offboarding removal
Security integrated into the software development lifecycle.
Peer code reviews
CI/CD workflows
Dependency and vulnerability monitoring
Timely issue remediation
Alerting to detect potential security events.
Security event monitoring
Defined response procedures
Investigation and containment
Post-incident reviews
Processes supporting resilience and availability.
Regular backups
Disaster recovery planning
Infrastructure redundancy via AWS
Ongoing availability monitoring

