FOR SERIOUS BUYERS & REVIEWERS
Technical Trust
Threat models, compliance posture, and operational details. The information you need before adopting Hexarch.
Security Model
Threat model, trust boundaries, cryptographic assumptions, and what Hexarch does not protect against.
- Control plane ↔ data plane trust
- Hash function and signature assumptions
- Failure modes and mitigations
- Non-goals and limitations
Audit & Compliance Posture
How evidence is produced, retained, verified, and exported. Mapping to SOC 2, GDPR, and HIPAA.
- Audit record structure and chain linkage
- Retention and archival policies
- Selective disclosure with Merkle proofs
- Compliance control mapping
Operational Model
Deployment patterns, runtime assumptions, upgrade procedures, and failure handling.
- Single-region and multi-region deployment
- Configuration distribution and hot-swap
- Upgrade and rollback procedures
- Disaster recovery considerations
Our Approach to Trust
Verifiable, Not Trust-Me
Audit chains can be verified independently. You don't have to trust our database—check the hashes yourself.
Explicit Limitations
We document what Hexarch doesn't protect against. Security theater helps no one.
Code-Grounded Claims
Every capability claim references actual code constructs. No marketing that the product can't back up.
Questions?
If the documentation doesn't answer your security or compliance questions, that's a gap we want to fix.
View Public Repository