Hackerdogs Inc. Security Center

Version 1.0 · Last Updated: January 2026 · Entity: Hackerdogs Inc. (Delaware C-Corporation) · Domain: hackerdogs.ai

Enterprise Grade Cloudflare Encrypted SOC 2 Ready
Security Contact: security@hackerdogs.ai · Report Vulnerabilities: security@hackerdogs.ai

Overview
1. Security Overview
Entity: Hackerdogs Inc. (a Delaware C-Corporation) · Domain: hackerdogs.ai

Security is foundational to the Hackerdogs platform. As an AI-first OSINT intelligence platform, we handle sensitive data, API keys, and investigative workflows that require enterprise-grade security measures.

This Security Center outlines our comprehensive security framework, including:

  • Encryption of all sensitive data, including LLM and API keys
  • World-class Cloudflare infrastructure for DDoS protection and availability
  • Private tunneling architecture for secure service deployment
  • Multi-layered access controls and authentication with Auth0
  • Continuous monitoring and incident response capabilities
  • Compliance with industry standards and regulations

We are committed to maintaining the highest standards of security while providing transparency about our practices, limitations, and shared responsibilities.

Core Security
2. LLM & API Key Security
Encryption Standards: AES-256 · Key Management: Industry Best Practices

2.1 Encryption of LLM Keys

All LLM (Large Language Model) API keys and credentials provided by users are encrypted at rest using industry-standard encryption protocols. We use AES-256 encryption for all stored keys and credentials.

✓ Secure Storage: All LLM keys are encrypted using AES-256 encryption before being stored in our secure databases. Keys are never stored in plain text or readable format.

2.2 No Plain Text Storage

We do not store any LLM or other API keys you provide in plain text. This includes:

  • LLM provider API keys (OpenAI, Anthropic, etc.)
  • Third-party service API keys
  • Authentication tokens and credentials
  • Database connection strings
  • Any other sensitive configuration data

2.3 Key Management Best Practices

Our key management approach includes:

  • Encryption at Rest: All keys encrypted before database storage
  • Encryption in Transit: TLS 1.3 for all data transmission
  • Access Controls: Keys are only accessible to authorized services and processes
  • Key Rotation: Support for periodic key rotation and updates
  • Audit Logging: All key access and usage is logged for security monitoring

2.4 User Key Responsibility

While we encrypt and protect your keys, you are responsible for:

  • Using strong, unique API keys
  • Rotating keys periodically
  • Revoking compromised keys immediately
  • Following your LLM provider's security best practices

3. Infrastructure Security
Infrastructure Provider: Cloudflare · Architecture: Cellular with Private Tunneling

3.1 Cloudflare Infrastructure

Hackerdogs leverages world-class Cloudflare infrastructure to provide enterprise-grade security, performance, and reliability.

  • DDoS Protection: Automatic mitigation of distributed denial-of-service attacks
  • Web Application Firewall: Advanced WAF rules to block malicious traffic and attacks
  • Global CDN: Content delivery network for low latency and high availability
  • SSL/TLS Encryption: End-to-end encryption for all data in transit

3.2 Cloudflare Security Features

Our Cloudflare implementation includes:

  • DDoS Mitigation: Automatic detection and mitigation of volumetric, protocol, and application-layer attacks
  • Web Application Firewall (WAF): Protection against OWASP Top 10 vulnerabilities and custom attack patterns
  • Rate Limiting: Protection against brute force and abuse attempts
  • Bot Management: Advanced bot detection and mitigation
  • SSL/TLS: Always-on encryption with automatic certificate management
  • Geographic Controls: Optional geographic restrictions and routing

3.3 High Availability & Reliability

Cloudflare's global network ensures:

  • 99.99% uptime SLA for critical services
  • Automatic failover and load balancing
  • Global edge network for reduced latency
  • Continuous monitoring and health checks

4. Private Tunneling & Cellular Architecture
Architecture: Cellular Services · Security: Private Tunneling

4.1 Cellular Architecture

Hackerdogs uses a cellular architecture that enables secure, isolated deployment of services. Each service "cell" operates independently, limiting the blast radius of potential security incidents.

4.2 Private Tunneling

We use private tunneling to secure communications between cells in our cellular architecture. This approach:

  • Limits Exposure: Services are not directly exposed to the public internet
  • Encrypted Communication: All inter-cell communication is encrypted
  • Network Segmentation: Isolated network segments prevent lateral movement
  • Zero Trust Principles: Services authenticate before communication

Security Benefit: Private tunneling ensures that even if one cell is compromised, the attack surface is limited and the compromise cannot easily spread to other cells or services.

4.3 Service Isolation

Our cellular architecture provides:

  • Independent service deployment and scaling
  • Isolated failure domains
  • Granular access controls per cell
  • Reduced attack surface through network segmentation

5. Data Protection & Encryption
Encryption: AES-256 at Rest · TLS 1.3 in Transit

5.1 Data Encryption

All data is encrypted using industry-standard protocols:

  • At Rest: AES-256 encryption for all stored data
  • In Transit: TLS 1.3 for all network communications
  • Database Encryption: Encrypted database volumes and backups
  • Backup Encryption: All backups are encrypted before storage

5.2 Data Classification & Handling

We classify and handle data according to sensitivity:

  • Highly Sensitive: API keys, credentials, authentication tokens
  • Sensitive: User data, investigation results, OSINT data
  • Internal: Logs, metrics, operational data

5.3 Data Retention & Deletion

We follow data minimization principles:

  • Data is retained only as long as necessary for service delivery
  • Secure deletion of data upon account termination
  • Compliance with data retention requirements (GDPR, CCPA)
  • Regular purging of temporary and cached data

6. Access Controls & Authentication
Authentication: Multi-Factor · Authorization: Role-Based

6.1 Multi-Factor Authentication (MFA)

We strongly recommend and support Multi-Factor Authentication (MFA) for all user accounts. MFA adds an additional layer of security beyond passwords.

6.2 Authentication Methods

Supported authentication methods include:

  • Email/password authentication
  • Time-based One-Time Password (TOTP) via authenticator apps
  • Single Sign-On (SSO) for enterprise customers
  • API key authentication for programmatic access

6.3 Role-Based Access Control (RBAC)

Access to platform features and data is controlled through role-based permissions:

  • Granular permissions per role
  • Principle of least privilege
  • Team and organization-level access controls
  • Audit logging of all access attempts

6.4 Session Management

Secure session management includes:

  • Automatic session timeout after inactivity
  • Secure session tokens
  • Session revocation capabilities
  • Device and location tracking for suspicious activity

Third-Party & Limits
7. MCP Servers & Third-Party Services
Responsibility: User-Managed · Security: User-Controlled

7.1 User-Managed MCP Servers

Hackerdogs does not manage or control any of the MCP (Model Context Protocol) servers that customers add to our product, whether they are:

  • Commercial MCP servers
  • Open-source MCP servers
  • Custom-built MCP servers
  • Third-party integrations

7.2 Security Responsibility

We are not responsible for the security of these third-party MCP servers. They are provided for your convenience and integration flexibility.

⚠️ Important: You are responsible for the security, maintenance, and compliance of any MCP servers you integrate with Hackerdogs. This includes ensuring they follow security best practices, are kept up-to-date, and comply with applicable regulations.

7.3 Best Practices for MCP Servers

For optimal performance and security, we recommend:

  • Write Your Own MCP Servers: Building custom MCP servers gives you full control over security, functionality, and compliance
  • Security Audits: Regularly audit any third-party MCP servers you use
  • Keep Updated: Ensure MCP servers are kept up-to-date with security patches
  • Network Isolation: Deploy MCP servers in isolated network environments when possible
  • Access Controls: Implement proper authentication and authorization for MCP servers

7.4 Integration Guidelines

When integrating MCP servers:

  • Review the security posture of third-party servers before integration
  • Use secure communication channels (HTTPS, encrypted connections)
  • Implement rate limiting and monitoring
  • Follow the principle of least privilege for MCP server permissions

8. LLM Limitations & Accuracy
Technology: Large Language Models · Limitation: Inherent to AI Systems

8.1 Inherent LLM Limitations

Hackerdogs is a powerful platform, but it shares the same limitations that all Large Language Models (LLMs) have. LLMs may occasionally provide incorrect, incomplete, or misleading information.

⚠️ Important Disclaimer: While we implement best practices and safeguards, LLMs are probabilistic systems that can generate inaccurate outputs. Always verify critical information independently.

8.2 Common LLM Limitations

LLMs may exhibit:

  • Hallucinations: Generating information that appears factual but is incorrect
  • Outdated Information: Training data may not include recent events or updates
  • Bias: Reflecting biases present in training data
  • Context Limitations: May lose context in long conversations or complex scenarios
  • Ambiguity: Interpreting ambiguous queries incorrectly
  • Confidence Mismatch: High confidence in incorrect answers

8.3 Best Practices for Using LLM Outputs

To mitigate LLM limitations, we recommend:

  • Human Verification: Always have human experts review critical outputs
  • Independent Verification: Cross-reference LLM outputs with authoritative sources
  • Context Awareness: Provide clear, specific context in your queries
  • Iterative Refinement: Refine queries based on initial outputs
  • Error Handling: Implement error handling and fallback procedures
  • Documentation: Document assumptions and limitations in your workflows

8.4 Our Commitment

While we cannot eliminate LLM limitations, we are committed to:

  • Using high-quality, well-tested LLM models
  • Implementing prompt engineering best practices
  • Providing transparency about limitations
  • Continuously improving model selection and configuration
  • Providing clear warnings about potential inaccuracies

Operations
9. Security Monitoring & Incident Response
Monitoring: 24/7 · Response: Automated & Manual

9.1 Continuous Monitoring

We maintain continuous security monitoring of our platform:

  • Real-Time Monitoring: 24/7 monitoring of security events and anomalies
  • Intrusion Detection: Automated detection of suspicious activities
  • Log Analysis: Comprehensive logging and analysis of security-relevant events
  • Threat Intelligence: Integration with threat intelligence feeds
  • Performance Monitoring: Detection of performance anomalies that may indicate attacks

9.2 Security Event Detection

Our monitoring systems detect:

  • Unauthorized access attempts
  • Unusual authentication patterns
  • Data exfiltration attempts
  • Malicious API usage
  • System vulnerabilities and misconfigurations

9.3 Incident Response Plan

We maintain a comprehensive incident response plan that includes:

  • Detection: Rapid identification of security incidents
  • Containment: Immediate steps to limit impact
  • Investigation: Thorough analysis of incidents
  • Remediation: Steps to resolve and prevent recurrence
  • Communication: Timely notification to affected users when required
  • Post-Incident Review: Lessons learned and process improvements

9.4 Security Incident Notification

In the event of a security incident affecting your data:

  • We will notify affected users as required by law and our policies
  • Notifications will include details about the incident and steps taken
  • We will provide guidance on protective measures you can take
  • We will work transparently to resolve the issue

10. Compliance & Certifications
Standards: Industry Best Practices · Compliance: GDPR, CCPA, SOC 2

10.1 Regulatory Compliance

Hackerdogs is committed to compliance with relevant regulations and standards:

  • GDPR / UK GDPR: European data protection regulations
  • CCPA / CPRA: California privacy regulations
  • SOC 2: Security, availability, and confidentiality controls
  • Industry Standards: Following NIST and ISO 27001 principles

10.2 Security Audits & Assessments

We conduct regular security assessments:

  • Vulnerability Assessments: Regular scanning for vulnerabilities
  • Penetration Testing: Periodic third-party security testing
  • Code Reviews: Security-focused code review processes
  • Infrastructure Audits: Review of infrastructure security configurations

10.3 Third-Party Security Reviews

We engage independent security firms for:

  • External security audits
  • Compliance assessments
  • Vulnerability disclosure programs
  • Security certifications

11. Vulnerability Disclosure & Reporting
Reporting: security@hackerdogs.ai · Response: Timely & Coordinated

11.1 Reporting Security Vulnerabilities

We encourage responsible disclosure of security vulnerabilities. If you discover a security issue, please:

  • Email security@hackerdogs.ai with details
  • Provide a clear description of the vulnerability
  • Include steps to reproduce (if applicable)
  • Allow reasonable time for remediation before public disclosure
  • Do not access or modify data without authorization

11.2 Our Response Commitment

We commit to:

  • Acknowledging receipt within 48 hours
  • Providing regular updates on remediation progress
  • Crediting researchers (with permission) for responsible disclosures
  • Working collaboratively to resolve issues

12. User Security Responsibilities
Shared Responsibility: Security is a Partnership

12.1 Account Security

Users are responsible for:

  • Using strong, unique passwords
  • Enabling Multi-Factor Authentication (MFA)
  • Protecting account credentials
  • Reporting suspicious account activity immediately
  • Regularly reviewing account access and permissions

12.2 Data Security

Users should:

  • Only upload data necessary for their use case
  • Follow data classification and handling guidelines
  • Implement appropriate access controls within their organization
  • Regularly review and audit data access
  • Securely delete data when no longer needed

12.3 Third-Party Integrations

When using third-party integrations (including MCP servers):

  • Review security practices of third-party services
  • Use secure authentication methods
  • Monitor integration usage and access
  • Keep integrations updated
  • Remove unused or unnecessary integrations

12.4 Compliance Responsibilities

Users are responsible for:

  • Ensuring their use of Hackerdogs complies with applicable laws
  • Obtaining necessary consents for data processing
  • Complying with industry-specific regulations
  • Maintaining their own compliance documentation

Contact
13. Security Contacts & Resources
How to reach Hackerdogs Inc. for security matters.

13.1 Security Team Contact

For security-related inquiries, incident reports, or vulnerability disclosures:

  • Security Email: security@hackerdogs.ai
  • Response Time: We aim to respond within 48 hours
  • Urgent Issues: Mark emails as "URGENT" for critical security matters

13.2 Other Contacts

13.3 Additional Resources

Registered Address:

Hackerdogs Inc.
A Delaware Corporation
Delaware, United States