Security Policy

Last updated: January 2026

At Hummingbird Security, we take the security of our systems and your data seriously. This document outlines our security practices and how to report security vulnerabilities.

Our Security Commitment

As a company focused on identity threat detection and response, we hold ourselves to the highest security standards. Our platform and infrastructure are designed with security as a foundational principle.

Infrastructure Security

  • All data is encrypted in transit using TLS 1.3
  • Data at rest is encrypted using AES-256
  • Our infrastructure is hosted on SOC 2 Type II certified cloud providers
  • We implement defense-in-depth with multiple security layers
  • Regular security assessments and penetration testing

Application Security

  • Secure software development lifecycle (SDLC)
  • Regular code reviews and static analysis
  • Dependency vulnerability scanning
  • Multi-factor authentication required for all accounts
  • Role-based access control (RBAC)

Data Protection

  • Minimal data collection principles
  • Data retention policies aligned with customer requirements
  • Secure data deletion procedures
  • Regular backup and disaster recovery testing

Reporting Security Vulnerabilities

We appreciate the security research community's efforts in helping keep our systems and users safe. If you discover a security vulnerability, please report it responsibly.

Report a Vulnerability

Email: [email protected]

Please include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any suggested remediation

We will acknowledge receipt of your report within 48 hours and work with you to understand and address the issue promptly.

Contact

For security-related inquiries, please contact us at [email protected].