Security at Homifax

We safeguard your records with the same uncompromising security as a Swiss bank vault, employing state-of-the-art encryption, rigorous access controls, and continuous monitoring to protect your sensitive information. Our commitment to data security is unwavering, with advanced protocols and regular audits ensuring your data remains confidential, secure, and accessible only to you. We take immense pride in delivering peace of mind, knowing your records are fortified by industry-leading standards designed to protect what matters most to you.

Homifax Data Security Statement

Security

Effective Date: June 2026

At Homifax Inc. ("Homifax," "we," "our," or "us"), safeguarding the confidentiality, integrity, and availability of customer information is fundamental to our business. We maintain a comprehensive information security program designed to protect customer data, verified asset records, and platform infrastructure against unauthorized access, disclosure, alteration, loss, or destruction.

This Security Statement provides an overview of the administrative, technical, and organizational safeguards implemented by Homifax. It is intended for informational purposes only and does not amend or replace any contractual obligations between Homifax and its customers.

Our Security Commitment

Homifax is engineered with security as a foundational design principle. Our platform incorporates layered security controls throughout the collection, verification, storage, transmission, and management of digital asset records.

Our information security program follows recognized industry standards and is continuously evaluated to address evolving cybersecurity threats, technological advancements, and applicable legal and regulatory requirements.

We are committed to maintaining controls that support SOC 2 Type II compliance, demonstrating our dedication to the Trust Services Criteria for Security, Availability, and Confidentiality.

Information Security Program

Homifax maintains a risk-based security framework that includes administrative, technical, and physical safeguards designed to:

  • Protect customer information from unauthorized access or disclosure.
  • Preserve the integrity and authenticity of verified asset records.
  • Maintain service availability and operational resilience.
  • Detect, investigate, and respond to security events.
  • Continuously improve security through monitoring, assessment, and independent review.

Security controls are periodically reviewed and enhanced as part of our ongoing risk management program.

Data Protection

Homifax implements commercially reasonable safeguards to protect information throughout its lifecycle.

Our security controls include, where appropriate:

  • Encryption of data during transmission using current industry-standard TLS protocols.
  • Encryption of stored customer data.
  • Role-based access controls following the principle of least privilege.
  • Multi-factor authentication for privileged administrative accounts.
  • Comprehensive audit logging.
  • Continuous security monitoring.
  • Routine vulnerability management.
  • Secure backup and disaster recovery procedures.

Infrastructure Security

Homifax operates on enterprise-grade cloud infrastructure designed for high availability, resilience, and security.

Infrastructure security includes:

  • Redundant architecture across secure cloud environments.
  • Continuous infrastructure monitoring.
  • Network segmentation and firewall protection.
  • Intrusion detection and threat monitoring.
  • Secure configuration management.
  • Regular operating system and infrastructure patching.

Physical access to data centers is managed by our cloud infrastructure providers through multiple layers of physical security controls, including surveillance, biometric authentication, and restricted personnel access.

Customer data is hosted within secure data centers located in the United States. Customers with applicable regulatory or contractual requirements may request data residency within supported European Union regions, subject to service availability.

Access Management

Access to customer information is strictly limited to authorized personnel with a legitimate business need.

Administrative access is governed by:

  • Individual user identities.
  • Role-based permissions.
  • Multi-factor authentication.
  • Periodic access reviews.
  • Immediate revocation upon role changes or termination.

All privileged administrative activities are logged and subject to internal monitoring.

Encryption

Data in Transit

All communications between users and Homifax services are encrypted using HTTPS and Transport Layer Security (TLS) to protect against interception and unauthorized access.

Data at Rest

Customer information and verified asset records are encrypted while stored within Homifax-managed infrastructure using industry-accepted encryption technologies.

Encrypted backups are maintained to support business continuity and disaster recovery objectives.

Verified Record Integrity

The integrity of verified records is central to the Homifax platform.

Homifax employs controls intended to preserve the authenticity, traceability, and evidentiary value of records throughout their lifecycle.

Verification events, ownership confirmations, approvals, and material record modifications are maintained through auditable workflows designed to support transparency and accountability.

Secure Approval Workflows

Homifax utilizes secure approval workflows for sensitive operations, including ownership verification, access authorization, and administrative configuration changes.

Approval requests undergo identity verification before authorization.

Upon completion, authorized users receive confirmation through secure communication channels, providing an auditable record of the approval process.

External Data Storage

For organizations requiring enhanced control over their information, Homifax supports configurations that allow record submission responses and associated data to be stored within customer-managed external databases rather than exclusively within Homifax-managed infrastructure.

Availability of this feature may depend on subscription level and implementation requirements.

Business Continuity and Disaster Recovery

Business Continuity

Homifax maintains encrypted daily backups together with point-in-time recovery capabilities to minimize the risk of data loss.

Backup procedures are regularly validated to support operational continuity.

Disaster Recovery

Our infrastructure is designed to support rapid recovery following significant service disruptions.

Where appropriate, Homifax maintains the capability to deploy duplicate production environments within alternate geographic regions to restore critical services and minimize operational downtime.

Continuous Monitoring

Homifax continuously monitors its production environment to identify:

  • Unauthorized access attempts
  • Suspicious authentication events
  • Infrastructure anomalies
  • Application security events
  • Potential cybersecurity threats

Detected security events are investigated in accordance with our incident response procedures.

Responsible Vulnerability Disclosure

Homifax values the contributions of the security research community and encourages the responsible disclosure of security vulnerabilities.

If you believe you have identified a potential vulnerability affecting the Homifax platform, please contact:

Security Team
security@homifax.com

Please include sufficient technical detail to allow our security team to reproduce and investigate the issue.

Homifax may operate a vulnerability disclosure or bug bounty program from time to time at its discretion.

Privacy

The collection, use, retention, and disclosure of personal information are governed by our Privacy Policy.

Homifax processes personal information only as necessary to provide our services, comply with applicable legal obligations, and protect the security and integrity of our platform.

Homifax does not sell customer personal information to advertisers.

Compliance

Homifax is committed to maintaining security practices aligned with internationally recognized standards and applicable regulatory requirements.

Our security program is designed to support compliance with, where applicable:

  • SOC 2 Type II
  • General Data Protection Regulation (GDPR)
  • Industry-standard encryption protocols
  • Secure software development practices
  • Continuous security monitoring and risk management

As our platform evolves, additional certifications, attestations, and compliance reports may become available.

Contact

Questions regarding this Security Statement or Homifax's information security practices may be directed to:

Security & Compliance Office

security@homifax.com

We endeavor to respond to security-related inquiries as promptly as reasonably practicable.

Changes to this Security Statement

Homifax reserves the right to modify this Security Statement at any time to reflect changes in our business operations, technology, legal obligations, or security practices.

Any updates will be published on this page together with a revised Effective Date.

Continued use of the Homifax platform following publication of an updated Security Statement constitutes acknowledgment of the revised version.

Important Notice

While Homifax employs commercially reasonable administrative, technical, and organizational safeguards designed to protect customer information, no method of electronic transmission, storage, or processing can be guaranteed to be completely secure. Accordingly, Homifax cannot warrant or guarantee absolute security and disclaims any representation that unauthorized access, cyberattacks, or other security incidents will never occur.