Everything You Need to Know About Our Security, Compliance, and Data Practices.
Frequently Asked Questions
Is Heka GDPR-compliant?
Where is Heka’s data stored?
Does Heka use AI or machine learning models?
How does Heka ensure data accuracy?
What kind of data does Heka collect and process?
Inside Heka’s
Trust Framework
Data Center Security
Heka operates on secure AWS infrastructure, leveraging enterprise-grade protections across physical facilities, networks, and cloud services. Additional controls are implemented at the application layer to safeguard sensitive data and ensure high availability. This layered approach provides a secure, scalable foundation for clients.
.svg){kind=icon}
Network Security
Heka's network is protected by multiple layers of defense, including web application firewalls, two-factor authentication, and continuous monitoring. These measures are designed to detect and block unauthorized activity, ensuring that client data remains secure and systems remain stable.
.svg){kind=icon}
Cloud Security Architecture
Heka’s cloud environment is managed through infrastructure-as-code and built for security from the ground up. All configuration changes are tightly controlled, pass through automated checks, and are subject to audit and approval workflows. Unauthorized changes to production systems are automatically flagged and escalated. Heka uses cloud-native security controls - including strict authentication, access restrictions, and network segmentation - to safeguard its infrastructure and isolate internal environments.
.svg){kind=icon}
Data Sources & Acquisition Controls
Heka exclusively processes publicly available, open-source web data. No credentialed, private, or login-gated sources are used. All data is passively accessed and vetted to ensure compliance with legal and ethical standards - supporting responsible, transparent intelligence delivery.
.svg){kind=icon}
System Security
Access to Heka’s systems is governed by strict role-based controls and a zero-trust framework. Only authorized personnel using designated, secured machines can interact with sensitive systems. This access model helps reduce the risk of unauthorized exposure and enforces least-privilege principles across the organization.
.svg){kind=icon}
Data Protection and Management
All data handled by Heka is encrypted in transit and at rest. Personally identifiable information is automatically deleted after processing, and client data is returned or destroyed upon request. These safeguards help ensure compliance while minimizing unnecessary data exposure.
.svg){kind=icon}
Cryptography
Heka applies modern cryptographic practices - including centralized key management, cloud security posture monitoring, and behavior analytics - to protect client data. These tools help detect emerging threats, enforce encryption, and maintain control over secure infrastructure.
.svg){kind=icon}
Security Awareness
Heka fosters a culture of security awareness across the organization. Every employee receives dedicated training on data protection, privacy, and compliance during onboarding and on a recurring basis. These programs are reinforced by signed non-disclosure agreements and routine background checks - helping ensure that secure practices are embedded into day-to-day operations.
.svg){kind=icon}
Audits and Compliance
Heka maintains a comprehensive audit and compliance program to meet global data protection standards and regulatory expectations. Regular reviews help ensure that internal policies align with industry best practices, and that potential vulnerabilities are identified and addressed. Heka engages independent third parties to assess its security and privacy practices — including penetration testing and other technical evaluations — as part of its ongoing commitment to transparency and trust.