Trust & Security
We protect the tools that protect your data. Here's how EmberHound handles your information and what you can request for your security review.
How data is processed
EmberHound follows a strict data minimisation architecture. No raw sensitive data ever leaves your endpoints.
Agent scans locally
All file scanning and pattern matching happen on the endpoint device (OCR analysis available as an add-on). The platform never accesses the file system.
Only masked previews uploaded
Sensitive values are redacted on-device before transmission. Only metadata and masked findings leave the endpoint.
No raw file storage
EmberHound never stores original files or raw sensitive data. Only fingerprints and masked previews are persisted.
Encrypted in transit
All communications use TLS 1.3 with certificate pinning. Findings metadata is encrypted at rest with AES-256.
Tenant isolation
Row-Level Security enforces strict multi-tenant data isolation at the database layer. Each organisation's data is completely separate.
Security architecture
Security is built into every layer of EmberHound's architecture.
Zero Data Exfiltration
Scanning happens on-device. Only metadata and findings are transmitted — never the raw sensitive data.
Encryption in Transit & at Rest
All communications use TLS 1.3. Findings metadata is encrypted at rest with AES-256.
Device Authentication
Every agent authenticates with a unique, rotating device token. Certificate pinning prevents MITM attacks.
Tenant Isolation
Row-Level Security enforces strict multi-tenant data isolation at the database layer.
Audit Trail
Every action — login, policy change, finding suppression — is logged with actor, timestamp, and IP.
In detail
Compliance alignment
GDPR Articles 5, 30, 32
Data minimisation, records of processing, and appropriate technical measures.
Learn more →Live operational status
Real-time uptime and incident history for the EmberHound console, API, agent ingestion, and authentication. Monitored every five minutes from an independent GitHub Actions workflow so the status page stays reachable even if our primary infrastructure is degraded.
Visit status.emberhound.com for current service status and historical uptime.
Reporting a vulnerability
If you believe you've found a security issue in EmberHound — in the cloud platform, the device agent, or our public website — please disclose it privately so we can investigate and remediate before any details are made public. We respond to every report and will not pursue legal action against good-faith researchers acting within scope.
Email security@emberhound.com with a description, reproduction steps, and any proof-of-concept material.
Request compliance documents
Data Processing Agreement
Standard contractual clauses and data processing terms for GDPR compliance.
Security Whitepaper
Technical deep-dive into our encryption model, agent architecture, and data handling.