Security at Family Hubble
We take the security of your data seriously. This page outlines the controls and practices we use to protect your information.
Overview
Family Hubble follows industry best practices for safeguarding customer data across our people, processes, and technology. We review our controls on an ongoing basis and continuously improve our security posture.
Data Protection
- Encryption in transit: All connections use TLS (HTTPS) with modern ciphers to protect data between clients and our services.
- Encryption at rest: Customer data is encrypted at rest using AES-256 or stronger, managed by our cloud provider.
- Secrets management: API keys and credentials are stored securely and never hard-coded in source control.
Access Control
- Least privilege: Internal access follows least-privilege principles with role-based access controls.
- Multi-factor authentication: MFA is enforced for administrative access to production systems.
- SSO: Support for Single Sign-On (SSO) is available for enterprise plans.
Application Security
- Secure SDLC: Code changes undergo review and automated checks before release.
- Dependency scanning: We monitor third-party libraries and promptly remediate known vulnerabilities.
- Environment separation: Development, staging, and production are logically separated.
Infrastructure Security
- Hardened cloud infrastructure: Hosted on reputable cloud providers with strong physical and network controls.
- Network protections: Firewalls, private networks, and security groups restrict traffic to necessary services only.
- Monitoring and alerting: Centralized logging and alerts for anomalous activity.
Vulnerability Management
- Patching: Regular updates and security patches across our stack.
- Testing: Internal testing and periodic third-party assessments to identify weaknesses.
- Bug reporting: See Responsible Disclosure for how to report issues.
Incident Response
We maintain a documented incident response plan covering detection, containment, remediation, and post-incident review. Customers are notified of any material impact in accordance with contractual and legal obligations.
Business Continuity & Backups
- Automated backups: Routine backups with integrity checks.
- Disaster recovery: Regularly tested restoration procedures and defined recovery objectives.
Data Retention & Deletion
Customer data is retained for the duration of the subscription and deleted upon request or within a defined period after account closure, except where retention is required by law.
Compliance
Our controls align with common frameworks (e.g., SOC 2, ISO 27001) and privacy regulations such as GDPR. Formal certifications may be in progress; please contact us for the latest status.
Subprocessors
We use vetted subprocessors to deliver our service. A current list is available upon request.
Responsible Disclosure
If you believe you’ve found a security vulnerability, please email security@familyhubble.com. We ask that you follow responsible disclosure practices and give us reasonable time to remediate before public disclosure.
Last updated: 8/15/2025