Security

Audit-grade by default.

Encryption at every hop. Regional data residency. Token rotation. SOC 2 path. PDPA + GDPR + EU AI Act + NYC LL144 today.

Regulator coverage

Framework | Status | Last audit
  • NYC Local Law 144, §20-871 | Passing | 2026-04-22
  • EU AI Act, Art. 50, Annex III | Passing | 2026-04-22
  • GDPR, Art. 22 · Art. 30 | Passing | 2026-04-21
  • Singapore PDPA, Part III · §13 | Attested | 2026-04-19

01 · Encryption

Encryption at every hop.

TLS 1.3 in transit. AES-256 at rest. Per-tenant data-encryption-key rotation on a 90-day cadence. Webhook payloads HMAC-SHA256 signed (X-Challenge-Token header, constant-time comparison) so the only way to forge a candidate submission is to leak a per-repo secret that doesn't exist outside the runner.
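An added example, not the vendor's code: a receiver-side check for the signed webhook described above, failing closed on malformed input. The page names only the header and HMAC-SHA256; the hex encoding, signing over the raw request body, and all function and variable names here are assumptions.

```python
import hashlib
import hmac

HEADER = "X-Challenge-Token"  # header name taken from the page


def sign(secret: bytes, body: bytes) -> str:
    """Assumed scheme: hex HMAC-SHA256 over the exact raw request body."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify(secret: bytes, headers: dict, body: bytes) -> bool:
    """Return True only if the header carries a valid tag for this body."""
    if not secret:
        return False  # an unset secret must never validate anything
    # HTTP header names are case-insensitive; normalise before lookup.
    received = {k.lower(): v for k, v in headers.items()}.get(HEADER.lower())
    if not received:
        return False  # fail closed on a missing or empty header
    try:
        # compare_digest rejects non-ASCII str, so compare as bytes.
        received_bytes = received.strip().lower().encode("ascii")
    except UnicodeEncodeError:
        return False
    expected = sign(secret, body).encode("ascii")
    # Constant-time comparison: timing does not reveal how many leading
    # characters of a guessed tag were correct, unlike `==`.
    return hmac.compare_digest(expected, received_bytes)


# Constructed sample values, for illustration only.
SECRET = b"constructed-per-repo-secret"
BODY = b'{"candidate":"c-123","repo":"demo","result":"pass"}'
GOOD = {HEADER: sign(SECRET, BODY)}

if __name__ == "__main__":
    print("valid:", verify(SECRET, GOOD, BODY))
    print("tampered body:", verify(SECRET, GOOD, BODY.replace(b"pass", b"fail")))
    print("missing header:", verify(SECRET, {}, BODY))
```

Verify against the raw bytes as received, before any JSON parsing or re-serialisation, since a re-encoded body will not reproduce the signed bytes.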

02 · Residency

Regional data residency, not lip service.

Singapore (asia-southeast1), US (us-central1), EU (europe-west1) regional pinning. Tenant data never leaves its pinned region. Cross-region replication off by default; opt-in only with explicit recruiter consent for disaster recovery, and the consent itself is logged in the audit trail.

03 · Compliance

Compliance is the product, not the docs.

Live: NYC Local Law 144 §20-871 disclosure, EU AI Act risk-tier mapping, GDPR (right-to-erasure honored across data/ + Postgres + GitHub repos), Singapore PDPA. Path: SOC 2 Type II by Q3 2026. The trust report (hirona.ai/trust) lists the full subprocessor inventory + last-reviewed dates.
