Legal · How we keep your data safe
Trust & Security Policy
Summary of our technical and organizational security measures, uptime commitments, and vulnerability-disclosure process.
§1 · Security posture
- SOC 2 Type II certified (annual audit; report available under NDA).
- Encryption: TLS 1.3 in transit, AES-256 at rest.
- Infrastructure hosted on AWS (us-east-1) with multi-AZ failover.
- Principle-of-least-privilege access, enforced via SSO + hardware MFA for all staff.
- All code changes reviewed; production deploys logged and immutable.
§2 · Uptime commitments
| Plan | Target | Service credits |
|---|---|---|
| Free | Best effort | — |
| Premium | 99.9% | 10% / incident |
| Max | 99.95% | 25% / incident |
Live status: status.hustl.it.
§3 · Incident response
24/7 on-call rotation. Mean-time-to-detect is under 4 minutes for critical paths. Customers affected by a P0 incident are notified within 30 minutes and receive a full post-mortem within 7 days.
§4 · Responsible disclosure
Found a vulnerability? Email security@hustl.it with details. We ack within 24 hours. Eligible reports earn bounties from $250 (low) to $10,000 (critical). Full scope and safe-harbor terms at hustl.it/security.