Hana is CASA Tier-2 certified, mapping to many SOC 2 and ISO 27001 style controls for encryption, access control, and incident response.

Security & Compliance FAQs

Q: Does Hana undergo security scanning?

Yes. Hana infrastructure is regularly scanned across endpoints, infrastructure, dependencies, and data access patterns, and findings are triaged and remediated based on severity.

Q: How does Hana use OpenAI?

All AI calls go through OpenAI Enterprise. Customer data is not used to train public models and requests are isolated under our enterprise tenant.

Q: What are the defaults for memory storage and can admins change them?

Memories are on by default for better context. Admins can disable retention, set durations, or bulk delete anytime from the dashboard.

Q: How are tokens stored?

Access tokens are encrypted at rest and stored in a restricted database. Backups and logs are encrypted as well.

Q: How quickly are customers notified about security incidents?

If a breach is confirmed, we notify affected customers within 72 hours. Our security contact is security@hanabitech.com.

Q: Where is Hana hosted and is traffic secure?

Hana runs on Google Cloud Platform. All traffic is encrypted over SSL and application data is stored in MongoDB Atlas.

Q: How do users authenticate?

Authentication is handled via Google OAuth for a familiar and secure login experience.

Q: Can users delete data or accounts?

Yes. Users can delete memories, personal accounts, or their entire organization through the dashboard.

Q: Does Hana track conversations?

Hana can store invocation and response records when invocation history is enabled. Admins can disable invocation history from dashboard settings if required by policy.

Does Hana undergo security scanning?

Yes. Hana's infrastructure is regularly scanned across endpoints, infrastructure configuration, dependencies, and data access patterns. Security findings are triaged and remediated based on severity.

Is Hana certified?

Hana is CASA Tier‑2 certified. CASA Tier‑2 aligns with many controls found in frameworks like SOC‑2 and ISO 27001. This tier maps to enterprise-grade requirements for data encryption, access control and incident response.

How does Hana use OpenAI?

All AI traffic from Hana flows through OpenAI's Enterprise API. This ensures customer data is not used to train OpenAI's public models. Each request is tagged with Hana's enterprise tenant ID for audit purposes.

What are the defaults for memory storage and can admins change them?

By default, Hana stores user memories ON for better context. Organization admins can disable memory retention, specify retention durations or bulk delete stored memories at any time through the dashboard.

How are tokens stored?

Access tokens are encrypted at rest using industry standard algorithms and stored in a restricted database. Backup data and system logs are encrypted in the same manner.

How quickly are customers notified about security incidents?

If a breach is confirmed, Hana will notify affected customers within 72 hours. The main security contact is security@hanabitech.com.

Where is Hana hosted and is traffic secure?

Hana runs entirely on Google Cloud Platform with all traffic encrypted over SSL. Application data is stored in MongoDB Atlas.

How do users authenticate?

Authentication is handled via Google OAuth, providing a familiar and secure login flow.

Can users delete data or accounts?

Yes. Through the dashboard you can delete individual memories, your personal account or your entire organization account at any time.

Does Hana track conversations?

Hana can store invocation/response records when invocation history is enabled for your organization. Admins can disable invocation history from dashboard settings if needed for internal policy alignment.

How widely is Hana adopted?

Hana is used across multiple organizations and teams. For current adoption references relevant to your procurement process, contact support@hanabitech.com.

Where can I read the Privacy Policy?

You can review our full Privacy Policy for details on how we handle data.

Is Hana available under a Business Associate Agreement?

Yes. For customers that handle PHI, Hanabi Technologies provides a Business Associate Agreement describing runtime-only data processing, encryption and breach notifications. Reach out to support@hanabitech.com to initiate the BAA process.

Does Hana undergo security scanning?​

Is Hana certified?​

How does Hana use OpenAI?​

What are the defaults for memory storage and can admins change them?​

How are tokens stored?​

How quickly are customers notified about security incidents?​

Where is Hana hosted and is traffic secure?​

How do users authenticate?​

Can users delete data or accounts?​

Does Hana track conversations?​

How widely is Hana adopted?​

Where can I read the Privacy Policy?​

Is Hana available under a Business Associate Agreement?​