Skip to main content

Security & Compliance FAQs

Does Hana undergo security scanning?

Yes. Hana's infrastructure is regularly scanned. The most recent scan yielded an ESOF score of 9.7. The scan inspected web endpoints, infrastructure configuration, dependency vulnerabilities and database access patterns. No critical issues were found. Minor findings were addressed immediately.

Is Hana certified?

Hana is CASA Tier‑‑2 certified. CASA Tier‑‑2 aligns with many controls found in frameworks like SOC‑ 2 and ISO 27001. This tier maps to enterprise-grade requirements for data encryption, access control and incident response.

How does Hana use OpenAI?

All AI traffic from Hana flows through OpenAI's Enterprise API. This ensures customer data is not used to train OpenAI's public models. Each request is tagged with Hana's enterprise tenant ID for audit purposes.

What are the defaults for memory storage and can admins change them?

By default, Hana stores user memories ON for better context. Organization admins can disable memory retention, specify retention durations or bulk delete stored memories at any time through the dashboard.

How are tokens stored?

Access tokens are encrypted at rest using industry standard algorithms and stored in a restricted database. Backup data and system logs are encrypted in the same manner.

How quickly are customers notified about security incidents?

If a breach is confirmed, Hana will notify affected customers within 72 hours. The main security contact is security@hanabitech.com.

Where is Hana hosted and is traffic secure?

Hana runs entirely on Google Cloud Platform with all traffic encrypted over SSL. Application data is stored in MongoDB Atlas.

How do users authenticate?

Authentication is handled via Google oAuth, providing a familiar and secure login flow.

Can users delete data or accounts?

Yes. Through the dashboard you can delete individual memories, your personal account or your entire organization account at any time.

Does Hana track conversations?

No. We never log or monitor conversation content.

How widely is Hana adopted?

Over 1,275 organizations have signed up and generated nearly 40K interactions with Hana so far.

Where can I read the Privacy Policy?

You can review our full Privacy Policy for details on how we handle data.

Is Hana available under a Business Associate Agreement?

Yes. For customers that handle PHI, Hanabi Technologies provides a Business Associate Agreement describing runtime-only data processing, encryption and breach notifications. Reach out to support@hanabitech.com to initiate the BAA process.