Skip to main content
Trust · Security · Compliance

Security & Compliance

HYVE OVERLORD is built for defense, regulated, and enterprise environments. This page summarizes how the platform protects your data and where we stand on the frameworks your security team will ask about. For procurement or vendor due diligence, our full security package is available on request.

Compliance Posture

SOC 2 Type IIIN PROGRESS

Our SOC 2 Type II readiness program is underway. We operate under SOC 2-aligned controls (security, availability, confidentiality) today; the independent examination report will be made available to qualified customers under NDA on completion.

HIPAAAVAILABLE

HIPAA-ready architecture. HYVE OVERLORD runs inside your environment and we do not store your operational data or PHI — your patient data never leaves your control. A Business Associate Agreement (BAA) is available for qualified healthcare deployments.

CMMC Level 2 · NIST 800-171POSTURE MONITORING

Built-in control mapping and continuous posture monitoring against CMMC Level 2 and NIST SP 800-171, with reporting that supports your assessment evidence. This is posture monitoring and control alignment — not a certification of your environment.

US Data ResidencyAVAILABLE

US-only product. Customer data resides in the United States and, for the desktop platform, within your own environment. International interest is routed to an export-compliance review (EAR / ITAR) before any engagement.

How We Protect Your Data

Your data stays in your environment

The OVERLORD + Raptor desktop platform runs on your machines and activates offline (Ed25519, verified locally). Nothing phones home; we do not collect or store your operational data, telemetry, or PHI.

Post-quantum encrypted control channel

The Shield-to-Command channel is encrypted at the application layer with NIST ML-KEM-768 (FIPS 203) — in addition to TLS — protecting threat intelligence against the “harvest now, decrypt later” threat model.

Encryption at rest

Local secrets and key material are sealed with OS-native key stores (Windows DPAPI / platform secure storage), never written in plaintext.

Tenant isolation

Multi-tenant data is isolated at the database layer with row-level security; cross-tenant access is denied by default. Privileged operations run server-side under least privilege.

Least privilege & audit trail

Role-based access control with an immutable audit trail across administrative and security actions. Control-plane writes require explicit authorization and fail closed.

Offline-first, no lock-in

Licenses are offline-verifiable and perpetual-capable — no license server, nothing to phone home, no dependency on us to keep your deployment running.

Need our security package?

For vendor security reviews we provide a control overview, architecture summary, data-flow description, and a BAA on request. SOC 2 Type II report shared under NDA on completion.

Request the security packageDownload the Security Overview (PDF)

This page describes our security architecture and the control frameworks we engineer to. Each framework’s status is stated explicitly above. Engineering to a framework’s controls is not the same as a third-party certification of your environment; formal attestations (the SOC 2 Type II report) and executed agreements (BAA) are provided directly to qualified customers under NDA as part of procurement. HYVE OVERLORD and Raptor are US-only, export-controlled products (EAR / ITAR).