Security & Trust
We take security seriously. CloudHaris is built with security-first principles to protect your infrastructure data and your customers' information.
Security
AES-256 encryption at rest and TLS 1.3 in transit for all data.
Data Centers
AWS multi-region GCC (Gulf Cloud) with full data residency controls.
Compliance
NCA ECC, GDPR, and SOC 2 certified. ISO 27001 in progress.
Incident Response
24/7 security team with 90-day responsible disclosure policy.
Sub-processors
CloudHaris uses the following third-party sub-processors to deliver the service. All sub-processors are subject to data processing agreements.
| Name | Purpose | Location | Data Types |
|---|---|---|---|
| Amazon Web Services | Cloud Infrastructure | Middle East (Bahrain) + GCC | All customer data, metrics, logs |
| Anthropic | AI-powered post-mortems & analysis | United States | Anonymized incident data |
| Twilio | SMS & voice alerting | United States | Phone numbers, alert messages |
| Firebase | Mobile push notifications | United States | Device tokens, notification content |
Responsible Disclosure
We believe in working with the security community to make CloudHaris safe for everyone. If you discover a security vulnerability, please report it responsibly. We commit to a 90-day disclosure timeline: we will acknowledge your report within 48 hours, investigate and remediate, and credit researchers who follow responsible disclosure.
Disclosure Policy