Trust Center

Security. Compliance.
Transparency.

Trust is the foundation of sovereign infrastructure. Harch Corp maintains the highest standards of security, compliance, and operational transparency — so our partners and customers can build with confidence.

Security

Defense in Depth

Every layer of Harch Corp infrastructure is designed with security-first principles — from physical data center perimeters to application-level controls.

Compliance

Certified. Audited. Verified.

Our compliance program spans Moroccan, African, European, and global frameworks — with continuous auditing and third-party verification.

SOC 2 Type II

Global

Achieved

Security, Availability, Confidentiality

ISO 27001

Global

Achieved

Information Security Management

ISO 22301

Global

Achieved

Business Continuity Management

GDPR

EU

Achieved

EU Data Protection Regulation

CCPA

US

Achieved

California Consumer Privacy Act

Moroccan DPA

Morocco

Achieved

Law 09-08 Data Protection

ISO 27017

Global

In Progress

Cloud Security Controls

ISO 27018

Global

In Progress

PII in Public Cloud

HITRUST CSF

Global

Planned

Healthcare Security Framework

FedRAMP

US

Planned

US Federal Authorization

PCI DSS

Global

In Progress

Payment Card Security

CSA STAR Level 2

Global

In Progress

Cloud Security Alliance

Architecture

HarchOS Security Layers

Seven concentric security layers protect every workload, every data point, every transaction. From the concrete perimeter to the application runtime.

L1

Physical Security

Biometric access, 24/7 CCTV, mantraps, armed security

L2

Network Security

DDoS protection, WAF, micro-segmentation, zero-trust

L3

Platform Security

HarchOS hardened runtime, container isolation, SBOM

L4

Application Security

SAST/DAST, pen testing, code review, dependency scanning

L5

Data Security

AES-256 at rest, TLS 1.3 in transit, CMK, tokenization

L6

Identity & Access

MFA, RBAC, PAM, SSO, conditional access policies

L7

Monitoring & Response

24/7 SOC, SIEM, automated playbooks, threat intel

Vulnerability Disclosure

Help Us Get Stronger

We believe in collaborative security. If you discover a vulnerability in Harch Corp systems, we want to hear from you. Our bug bounty program rewards responsible disclosure and recognizes security researchers.

We commit to acknowledging receipt within 24 hours, providing an initial assessment within 72 hours, and keeping you informed throughout the remediation process.

Full Disclosure Policy
01

Identify

Discover a potential vulnerability in Harch Corp systems or infrastructure.

02

Report

Submit details to security@harchcorp.com with reproducible steps.

03

Validate

Our security team acknowledges and triages within 24 hours.

04

Remediate

We develop and deploy a fix, keeping you informed of progress.

05

Recognize

Eligible researchers receive bounty rewards and Hall of Fame recognition.

AI Ethics

Responsible AI by Design

As Africa builds its sovereign AI capabilities, Harch Corp commits to fairness, transparency, and human oversight in every model we deploy.

Fairness Score

0.94

Across all protected attributes

Model Transparency

87%

Of models with explainability reports

Bias Incidents

0

Critical bias incidents in 2025

Data Privacy

Your Data. Your Sovereignty.

Harch Corp enforces data residency, cross-border transfer controls, and processing transparency — aligned with Moroccan Law 09-08, GDPR, and emerging African data protection frameworks.

Data Residency

All customer data stored and processed within Morocco by default. Regional options available for Senegal, Gambia, and EU jurisdictions.

Consent Management

Granular consent frameworks with audit trails. Full compliance with Moroccan DPA opt-in requirements and GDPR consent standards.

Cross-Border Transfer

Standard contractual clauses, binding corporate rules, and adequacy decisions for all international data transfers.

Data Processing Agreements

Pre-signed DPAs available for all customers. Covers sub-processor management, breach notification, and data subject rights.

Subject Rights

Full support for access, rectification, erasure, portability, and objection rights. Automated fulfillment within 30-day SLA.

African Framework Alignment

Compliant with Cote d'Ivoire Law No. 2013-450, Kenya Data Protection Act 2019, and South Africa POPIA for pan-African operations.

Transparency

Quarterly Security
Transparency Report

Every quarter, we publish a comprehensive transparency report covering security incidents, government data requests, compliance status updates, and vulnerability metrics. Transparency is not optional — it is operational.

Security Incidents (Q4 2025)0 Critical
Government Data Requests2 — Both Challenged
Mean Time to Detect<12 min
Mean Time to Contain<45 min
Uptime SLA Achievement99.997%

Report Archive

Q4 2025

January 2026

Latest

Q3 2025

October 2025

PDF

Q2 2025

July 2025

PDF

Q1 2025

April 2025

PDF

Shared Responsibility

Security Is a Partnership

While Harch Corp secures the infrastructure, customers retain responsibility for how they configure, manage, and operate within the platform. Clarity drives accountability.

Harch Corp Secures

Infrastructure & Platform Layer

Physical data center security

Network infrastructure protection

HarchOS platform security

Hypervisor isolation

Default encryption at rest & in transit

Infrastructure monitoring & incident response

DDoS mitigation & WAF

Identity provider (SSO/MFA)

Compliance certification maintenance

Customer Secures

Application & Configuration Layer

User access management & hygiene

Application-level security

Data classification & labeling

API key & credential management

Customer-managed encryption keys (optional)

Workload configuration hardening

Audit log review & alerting

Third-party integration security

Questions About Trust?

Our security team is available to discuss compliance requirements, security architecture, and partnership opportunities.