Security & Compliance
HybridLLM is available for enterprise deployment in your Swiss infrastructure. Managed service options are available with security controls aligned to ISO 27001 practices.
Encryption Everywhere
- TLS 1.3 for all data in transit (no downgrade allowed)
- AES-256 encryption for data at rest in Swiss data centers
- End-to-end encryption for file uploads and knowledge bases
- Encrypted backups with separate key management
Access Control & Authentication
- Multi-factor authentication (MFA) available for Enterprise accounts
- Single Sign-On (SSO) via SAML 2.0 (Enterprise plans)
- Role-based access control (Owner, Admin, Member) with per-workspace permissions
- Session management with automatic timeout and optional IP restrictions
Audit Logs & Compliance
- Immutable audit logs for every user action (query, upload, export, delete)
- Logs include timestamps, user IDs, IP addresses, and session metadata
- Retention policies configurable per workspace (90 days to unlimited)
- Export audit logs to SIEM tools (Splunk, Datadog, Azure Sentinel)
Infrastructure Security
- Swiss Tier III+ data centers with biometric access controls and 24/7 physical security
- Network segmentation and firewall rules at every layer
- Triple-redundant compute nodes (Hidora HA stack) across Swiss availability zones—zero single-point-of-failure
- Infrastructure certified to ISO 27001 and SOC 2 standards
Data Residency & Sovereignty
- 100% Swiss hosting with no cross-border data transfers
- Data Processing Agreement (DPA) included with every subscription
- GDPR Article 28 compliant sub-processor list published quarterly
- Right to data portability and deletion honored within 30 days
Incident Response & Business Continuity
- 24/7 security monitoring with automated threat detection
- Incident response plan with < 1 hour notification SLA for breaches
- Daily encrypted backups with 30-day retention
Continuous Internal Audits & Release-Time Testing
- Comprehensive offensive security testing integrated into CI/CD pipeline covering SAST, DAST, dependency CVE scanning, authentication edge cases, authorization checks, and configuration validation
- Critical and High severity findings block production releases; remediation follows defined SLA processes
- Regular purple-team exercises following OWASP MASVS and ASVS 4.0 frameworks with documented remediation tracking
- External penetration testing conducted biannually by independent security firms; reports available under NDA to Enterprise prospects
- Swiss-hosted bug bounty program with active community engagement and documented response processes
Detailed security testing reports, vulnerability management procedures, and independent audit summaries are available under NDA through the Security & Compliance Pack.
Certifications & Standards
ISO 27001
Infrastructure certified, platform certification in progress
SOC 2 Type II
Infrastructure certified for security and availability
GDPR & Swiss nLPD
Fully compliant with EU and Swiss data protection laws
Data Processing Agreement
Every HybridLLM subscription includes a compliant Data Processing Agreement (DPA). We act as a data processor under GDPR Article 28 and Swiss nFADP requirements.
Detailed Audit Coverage (Expanded)
1. Authentication & Session Management - Brute-force protection, token expiry, JWT signature validation, refresh-token rotation, logout race conditions
2. Authorization & Access Control - IDOR (Insecure Direct Object References), RBAC bypass, workspace isolation, privilege escalation
3. Input Validation & Injection - SQL injection, NoSQL injection, XSS (stored, reflected, DOM-based), command injection, CSV injection in exports
4. Business Logic - Payment manipulation, quota bypass, negative balances, concurrency edge cases
5. API Security - GraphQL introspection disabled in production, rate limiting per endpoint, CORS policy enforcement
6. Cryptography - TLS 1.3 only (no downgrades), proper CSP headers, no hardcoded secrets, secure cookie flags
7. File Uploads & Storage - MIME-type validation, malware scanning, S3 pre-signed URL expiry, path-traversal prevention
8. Compliance & Privacy - Audit log immutability, GDPR deletion flows, data retention policy enforcement
Security Questions?
Detailed security documentation and evidence are available under NDA in the Security & Compliance Pack.