We safeguard your records with the same uncompromising security as a Swiss bank vault, employing state-of-the-art encryption, rigorous access controls, and continuous monitoring to protect your sensitive information. Our commitment to data security is unwavering, with advanced protocols and regular audits ensuring your data remains confidential, secure, and accessible only to you. We take immense pride in delivering peace of mind, knowing your records are fortified by industry-leading standards designed to protect what matters most to you.

Effective Date: June 2026
At Homifax Inc. ("Homifax," "we," "our," or "us"), safeguarding the confidentiality, integrity, and availability of customer information is fundamental to our business. We maintain a comprehensive information security program designed to protect customer data, verified asset records, and platform infrastructure against unauthorized access, disclosure, alteration, loss, or destruction.
This Security Statement provides an overview of the administrative, technical, and organizational safeguards implemented by Homifax. It is intended for informational purposes only and does not amend or replace any contractual obligations between Homifax and its customers.
Homifax is engineered with security as a foundational design principle. Our platform incorporates layered security controls throughout the collection, verification, storage, transmission, and management of digital asset records.
Our information security program follows recognized industry standards and is continuously evaluated to address evolving cybersecurity threats, technological advancements, and applicable legal and regulatory requirements.
We are committed to maintaining controls that support SOC 2 Type II compliance, demonstrating our dedication to the Trust Services Criteria for Security, Availability, and Confidentiality.
Homifax maintains a risk-based security framework that includes administrative, technical, and physical safeguards designed to:
Security controls are periodically reviewed and enhanced as part of our ongoing risk management program.
Homifax implements commercially reasonable safeguards to protect information throughout its lifecycle.
Our security controls include, where appropriate:
Homifax operates on enterprise-grade cloud infrastructure designed for high availability, resilience, and security.
Infrastructure security includes:
Physical access to data centers is managed by our cloud infrastructure providers through multiple layers of physical security controls, including surveillance, biometric authentication, and restricted personnel access.
Customer data is hosted within secure data centers located in the United States. Customers with applicable regulatory or contractual requirements may request data residency within supported European Union regions, subject to service availability.
Access to customer information is strictly limited to authorized personnel with a legitimate business need.
Administrative access is governed by:
All privileged administrative activities are logged and subject to internal monitoring.
All communications between users and Homifax services are encrypted using HTTPS and Transport Layer Security (TLS) to protect against interception and unauthorized access.
Customer information and verified asset records are encrypted while stored within Homifax-managed infrastructure using industry-accepted encryption technologies.
Encrypted backups are maintained to support business continuity and disaster recovery objectives.
The integrity of verified records is central to the Homifax platform.
Homifax employs controls intended to preserve the authenticity, traceability, and evidentiary value of records throughout their lifecycle.
Verification events, ownership confirmations, approvals, and material record modifications are maintained through auditable workflows designed to support transparency and accountability.
Homifax utilizes secure approval workflows for sensitive operations, including ownership verification, access authorization, and administrative configuration changes.
Approval requests undergo identity verification before authorization.
Upon completion, authorized users receive confirmation through secure communication channels, providing an auditable record of the approval process.
For organizations requiring enhanced control over their information, Homifax supports configurations that allow record submission responses and associated data to be stored within customer-managed external databases rather than exclusively within Homifax-managed infrastructure.
Availability of this feature may depend on subscription level and implementation requirements.
Homifax maintains encrypted daily backups together with point-in-time recovery capabilities to minimize the risk of data loss.
Backup procedures are regularly validated to support operational continuity.
Our infrastructure is designed to support rapid recovery following significant service disruptions.
Where appropriate, Homifax maintains the capability to deploy duplicate production environments within alternate geographic regions to restore critical services and minimize operational downtime.
Homifax continuously monitors its production environment to identify:
Detected security events are investigated in accordance with our incident response procedures.
Homifax values the contributions of the security research community and encourages the responsible disclosure of security vulnerabilities.
If you believe you have identified a potential vulnerability affecting the Homifax platform, please contact:
Security Team
security@homifax.com
Please include sufficient technical detail to allow our security team to reproduce and investigate the issue.
Homifax may operate a vulnerability disclosure or bug bounty program from time to time at its discretion.
The collection, use, retention, and disclosure of personal information are governed by our Privacy Policy.
Homifax processes personal information only as necessary to provide our services, comply with applicable legal obligations, and protect the security and integrity of our platform.
Homifax does not sell customer personal information to advertisers.
Homifax is committed to maintaining security practices aligned with internationally recognized standards and applicable regulatory requirements.
Our security program is designed to support compliance with, where applicable:
As our platform evolves, additional certifications, attestations, and compliance reports may become available.
Questions regarding this Security Statement or Homifax's information security practices may be directed to:
Security & Compliance Office
We endeavor to respond to security-related inquiries as promptly as reasonably practicable.
Homifax reserves the right to modify this Security Statement at any time to reflect changes in our business operations, technology, legal obligations, or security practices.
Any updates will be published on this page together with a revised Effective Date.
Continued use of the Homifax platform following publication of an updated Security Statement constitutes acknowledgment of the revised version.
While Homifax employs commercially reasonable administrative, technical, and organizational safeguards designed to protect customer information, no method of electronic transmission, storage, or processing can be guaranteed to be completely secure. Accordingly, Homifax cannot warrant or guarantee absolute security and disclaims any representation that unauthorized access, cyberattacks, or other security incidents will never occur.