Security at HalfByte

We build and operate software for industries where reliability and data integrity are non-negotiable. Security is structural — not an afterthought.

Infrastructure security

All production workloads run in SOC 2-certified cloud environments. Networks are segmented, access is role-based, and every service-to-service call is authenticated. Secrets are managed centrally and rotated automatically.

Data protection

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Database backups are encrypted and tested for recoverability. We enforce field-level encryption for sensitive categories such as payment credentials.

Application security

We follow OWASP secure development guidelines across all products. Code undergoes automated SAST and dependency scanning on every commit. Critical paths receive manual security review before release.

Access control

Production access is restricted to a minimal set of engineers and requires MFA, SSO, and a hardware key. All access is logged and audited. Privileged sessions are time-limited and reviewed quarterly.

Incident response

We maintain a documented incident response plan with defined severity levels, on-call rotations, and escalation paths. All security incidents are investigated, remediated, and disclosed to affected customers when warranted.

Compliance

We are working toward SOC 2 Type II certification. Our privacy practices align with GDPR and CCPA requirements. Enterprise customers may request a copy of our security documentation under NDA.

Responsible disclosure

If you discover a security vulnerability in any HalfByte product, please report it to security@halfbyte.com.br. We will acknowledge your report within 24 hours, keep you informed of our investigation, and, with their permission, credit researchers who help us improve our security.

We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it. We will not pursue legal action against researchers who act in good faith.