AEGIS by Hu

Security

AEGIS by Hu is a multi-tenant compliance platform for regulated firms. The security model rests on six pillars; the live engineering documentation is at docs/SECURITY.md in the source repository, kept in lockstep with the controls described below.

The six pillars

1.Tenant isolation

Every database row carries a verified tenantId; every query filters by it; verified middleware overwrites any client-supplied tenant header before a route handler sees the request. Postgres Row-Level Security policies provide a database-level second line of defence — an application-layer bug that bypasses the filter still returns zero rows.

2.Authentication

Identity is provided by Clerk (SOC 2 Type II) — SSO, MFA, organisation-scoped sessions. Edge middleware verifies sessions; un-authenticated traffic never reaches a route handler. Demo mode is rejected in production by an env-var fail-safe.

3.Encryption

In transit: TLS 1.2+ on every external surface, HSTS pre-load eligible, nonce-based Content Security Policy without 'unsafe-inline' on script-src. At rest: Supabase Postgres uses AES-256 disk encryption. PII fields (KYC profile data, identity details) are additionally protected by application-layer field-level encryption — AES-256-GCM with per-tenant keys derived via HKDF-SHA256 from a master secret. A query that bypasses tenant isolation surfaces only opaque ciphertext to the wrong tenant.

4.Audit logging

Every regulatorily-significant action emits an entry to a hash-chained, append-only ledger. The published catalogue of auditable operations and tamper-detection properties is in the source repository (docs/AUDIT_TRAIL.md). The ledger’s public API exposes no mutation methods — write-once is enforced by construction in code and verified by automated regression tests.

5.Data residency

Tenants pick a region at signup (UK / EU_WEST / DIFC / SG / HK / US_EAST) and their data is pinned to that region’s database. The architecture is ready for additional regional deployments without route-handler changes — the multi-region rollout plan is published in the source repository.

6.Continuous monitoring

/api/health for uptime, /api/metrics for operational counters, structured JSON logs for every server-side event. Errors flow to Sentry with PII scrubbed via beforeSend. Infrastructure logs flow to Better Stack. SLOs and alert routing are documented internally.

Service-to-service authentication

Internal microservices verify every inbound request via HMAC-SHA256 signed headers (timestamp + nonce + body hash) using a shared INTERNAL_SERVICE_SECRET. A misconfigured firewall that exposes an internal service still rejects unsigned requests with 401 — the gateway is the only thing that can mint a valid signature. Defence in depth on top of network isolation.

Live status

Current platform health, subprocessor status pages, and our SLO commitments are at /status.

Vulnerability disclosure

Security researchers may report vulnerabilities to security@aegiscompliant.com. We commit to:

  • Acknowledging receipt within 2 business days.
  • Triaging and providing an initial assessment within 5 business days.
  • Acting in good faith — no legal action against researchers who report responsibly.

We are not currently running a paid bug bounty programme. Researchers who report valid vulnerabilities may be listed in the platform’s Hall of Fame on request.

Certifications & roadmap

AEGIS is bootstrap-stage. The following are in flight; we publish the plan rather than wait until the certificates are framed on the wall:

  • SOC 2 Type I — vendor selection in progress; target date set against first paying customer.
  • Independent penetration test — scoped, not yet booked.
  • Field-level encryption rollout — library landed and adopted on the highest-PII surface (KYC); other PII-bearing routes adopt incrementally.
  • EU data residency for Clerk — currently on the US free tier; migrating to Clerk’s Enterprise EU residency before the first EU regulated customer goes live with real data.

More detail

Customers and prospective customers can request:

  • The complete SECURITY.md with control mappings.
  • The platform-level DPIA.
  • The risk register, incident-response procedure, backup & restore runbook, subprocessor list (already public), and customer DPA template.
  • The most recent SOC 2 report (when available) and penetration-test summary (when available).

Reach security@aegiscompliant.com.

Last reviewed: 2026-06-25.