Hofund Mirror · OTM

Security overview

How the OTM system protects access and the consumer data flowing through it.

How we protect system access and user data

The measures protecting system access and the consumer data flowing through OTM. Read or copy as needed.

Access & identity

  • Invite-only — there is no public sign-up. Accounts are created by administrators.
  • Multi-factor authentication (MFA) is mandatory for every console user, using time-based one-time codes (TOTP).
  • Changing a password or email requires a freshly MFA-verified session.
  • Sign-in is email + password through a managed identity provider; the application never sees or stores raw passwords.

Authorization & data isolation

  • Role-based access control: admin, clinical reviewer, governance reviewer, and read-only roles, each limited to what it needs.
  • Row-level security is enabled on every database table; access is scoped to the engagement a user is authorized for.
  • An administrator can revoke a user's access immediately.

Transport & application hardening

  • All traffic is encrypted with TLS and enforced by HTTP Strict Transport Security (HSTS).
  • Hardened response headers: frame-deny (anti-clickjacking), no MIME sniffing, a strict no-referrer policy so sensitive page URLs never leak to third parties, a permissions policy disabling unused device APIs (camera, microphone, location), and Content-Security-Policy controls.
  • The API is protected by edge rate-limiting and always-on DDoS mitigation.

Privacy & consumer-data handling

  • No third-party advertising or analytics trackers, pixels, or SDKs — consumer activity is never shared with ad networks or data brokers.
  • Fonts and assets are self-hosted, so no third-party runtime requests can leak usage.
  • The console is excluded from search-engine indexing.
  • Behavioral data is governed by consent-based data-use controls, with consent required before sensitive data is ingested.

Auditability

  • An append-only audit log records governance-relevant changes — who changed what, and when.
  • The intervention engine records decision traces so its choices can be reviewed.

Continuous assurance

  • Every release runs automated security checks before it ships: data-isolation (RLS) coverage, access-control checks, and a guard that blocks any third-party tracker from being introduced.

Reporting a concern

  • If you spot a security issue, email security@hofundlabs.com or contact your Hofund administrator.

← Back to sign in