SECURITY

At Hamhey, security is at the core of everything we do. We understand that when you trust us with your personal information and relocation journey, you expect the highest level of protection. Our comprehensive security framework ensures your data remains safe, secure, and private at all times.

We continuously monitor, assess, and improve our security measures to stay ahead of emerging threats and maintain the trust you place in our platform.

Encryption Standards

• All data transmitted between your device and our servers is encrypted using industry-standard TLS 1.3
• Personal data is encrypted at rest using AES-256 encryption
• Database encryption keys are managed through secure key management systems
• All payment information is processed through PCI DSS compliant systems

Data Storage Security

• Data is stored in secure, certified data centers with 24/7 monitoring
• Regular automated backups with encryption and geographic distribution
• Access controls and audit logs for all data access
• Data retention policies to ensure information is not kept longer than necessary

User Authentication

• Secure password requirements with complexity validation
• Multi-factor authentication (MFA) available for enhanced security
• Session management with automatic timeout for inactive sessions
• Account lockout protection against brute force attacks

Internal Access Controls

• Role-based access control (RBAC) for all team members
• Principle of least privilege - access granted only as needed
• Regular access reviews and permission audits
• Comprehensive logging of all system access and changes

Network Security

• Advanced firewall protection and intrusion detection systems
• DDoS protection and traffic monitoring
• Virtual Private Cloud (VPC) with isolated network segments
• Regular security scans and vulnerability assessments

Application Security

• Secure coding practices and regular code reviews
• Automated security testing in our development pipeline
• Input validation and sanitization to prevent injection attacks
• Regular penetration testing by third-party security experts

24/7 Security Monitoring

• Real-time monitoring of all systems and applications
• Automated threat detection and alerting systems
• Security information and event management (SIEM) tools
• Regular security audits and compliance assessments

Incident Response

• Dedicated security incident response team
• Documented incident response procedures and escalation paths
• Regular incident response drills and training
• Transparent communication with affected users during incidents

We adhere to industry-leading security standards and regulatory requirements:

• GDPR Compliance: Full compliance with European data protection regulations
• ISO 27001: Information security management system standards
• SOC 2 Type II: Security, availability, and confidentiality controls
• PCI DSS: Payment card industry data security standards
• AWS Security: Built on Amazon Web Services' secure infrastructure