We take your privacy and security seriously. We’ve been in the emergency space and choose our systems and processes wisely to keep your data secure.
Security & Legal
Built for emergency management.
Designed to be trusted.
We know you need your data secure, that’s why we built our system in the same trusted networks that government agencies throughout the U.S. use everyday to keep information safe and keep the public protected. Learn more out our system and how we use data securely below.
Infrastructure and Hosting
Cloud Provider
Amazon Web Services
Access Controls
Role-Based (RBAC)
Data Residency
United States Only
Authentication
MFA enforced
Encryption At Rest
AES-256
Encryption In Transit
TLS/HTTPS
All data is logically isolated by organization. No cross-tenant data access is possible. HAZDEX personnel do not access uploaded content except where required for security or legal purposes.
AI Processing
HAZDEX uses enterprise-grade AI services to process uploaded documents and generate after-action reports. All AI providers are bound by data processing agreements and implement enterprise-grade security controls.
HAZDEX will never use your uploaded content to train AI models without your explicit prior written consent.
Data Collection
What We Don’t Collect
Protected Health Information (PHI) — HAZDEX is not HIPAA-compliant; do not upload PHI
Classified government information or Controlled Unclassified Information (CUI)
Personal data for advertising, cross-site tracking, or sale to third parties
What We Do Collect
Account and contact information (name, email, job title, organization, agency type, jurisdiction)
Uploaded operational content (after-action reports, incident documents, audio, images) — processed to deliver the service
Usage data (pages visited, features accessed, session duration) — used in aggregate to improve the platform
Authentication and session data — used to maintain secure access
Certifications
Amazon Web Services
AWS infrastructure is independently SOC 2, ISO 27001, and ISO 27017 certified
Anthropic
Anthropic holds SOC 2 Type I & II and ISO 27001:2022 certifications
Data Processing
Data processing complies with the Maryland Online Data Privacy Act (MODPA)
A SOC 2 audit for HAZDEX is on our roadmap. Our infrastructure providers carry the certifications above, and our security architecture is designed with SOC 2 controls in mind from day one.