Built for Legal Confidentiality
Hanko AI handles sensitive legal documents. Security is not a feature we added after the fact. It is the foundation the platform is built on.
Encryption at Rest and in Transit
All documents and data are encrypted using AES-256 at rest. All traffic between your browser and our servers uses TLS 1.3. Your files are never stored unencrypted at any point in the pipeline.
Cryptographic Document Signing
The Hanko Digital Stamp uses ECDSA-P256 signatures managed by AWS KMS in the Tokyo region. Each stamp is cryptographically bound to its document. Tampering invalidates the signature immediately.
Japan Data Residency
Every storage operation, every database write, every backup is pinned to AWS ap-northeast-1 (Tokyo). This is enforced at the infrastructure level, not just policy. Your data does not leave Japan.
Tenant Isolation and Audit Logs
Every document, review, and agent run is scoped to your organization. Cross-organization access is architecturally impossible. Every action is logged with timestamp, user, model version, and token usage.
Responsible Disclosure
If you discover a security vulnerability in Hanko AI, please report it responsibly. We take every report seriously and will respond within 48 hours. We do not pursue legal action against good-faith researchers.
security@hanko.aiCompliance and Auditing
Hanko AI is designed to support organizations operating under Japan's Act on the Protection of Personal Information (APPI). All personal data processing is documented and auditable.
We conduct external penetration testing before each major release. Reports are available to enterprise customers under NDA. Contact us at security@hanko.ai to request the latest summary.