How Heimdall protects itself
Heimdall is a defensive platform. We hold ourselves to the same standard we ask our customers to.
Authentication
One-time password authentication only. No long-lived passwords are stored. JWT bearer tokens are short-lived and rotated. Every login is forensically logged — IP, geo, browser, OS, device.
Rate limiting & abuse
Per-IP and per-email rate limits with exponential backoff. New-country logins trigger admin email alerts. Active sessions can be force-revoked by an administrator at any time.
Transport & at-rest encryption
All traffic is TLS 1.3. The database is encrypted at rest. Daily backups are encrypted before they leave the host and rotated against a thirty-day retention window.
Network posture
Heimdall Cloud is deployed behind a hardened cloud firewall — inbound limited to administrative and HTTPS ports only. Application services bind privately; a reverse proxy handles all public traffic and enforces HSTS.
Audit logging
Every state-changing action is logged with the actor, IP, and target object. Audit logs are tamper-evident and retained for the lifetime of the deployment.
Vulnerability disclosure
If you have found a vulnerability in Heimdall, email security@heimdallsees.com. We acknowledge within 24 hours and triage within five business days. We do not pursue legal action against good-faith researchers.
Supply chain
All container images are built from pinned base layers and scanned on every release. Dependency updates are automated and reviewed. The platform's language-model stack runs entirely on-premise — no cloud model providers in the trust boundary.