City of Hats - Exposure Intelligence Platform
Secure Drop
Anonymous · Encrypted · No login required
Your message is sealed and anonymous. We cannot identify you. No account or login is needed.
Your message
Max 3 files, 10 MB each
Powered by City of Hats · Get your own Secure Drop
Secure Channel
Anonymous · Bidirectional · Encrypted
Start an anonymous conversation. You'll receive a thread code to check for replies later.
Your message
Max 3 files, 10 MB each
Thread Code
Enter your thread code above to check for replies.
Powered by City of Hats · Get your own Secure Channel
🔐 Security & Trust

Security & Trust

Protecting identity, data, and risk intelligence — by design

City of Hats is built for organizations that treat security as mission-critical. That's why privacy, data protection, and platform security are foundational to everything we do — from how intelligence is collected, to how it is processed, stored, and used.

Our commitment is simple:
Protect your data
Respect end-user privacy
Operate with transparency
Meet or exceed industry best practice

Enterprise-grade security architecture designed for banks, telcos, and regulated industries.

City of Hats Security & Trust Architecture

Defense-in-Depth • Privacy by Design • Enterprise-Ready

🛡 Foundation

Our Security Principles

Security is not an afterthought — it's built into every layer of our platform.

🛡

Defense-in-Depth

Multiple layered controls — infrastructure, application, and operational — to protect against threats at every level.

🔐

Privacy by Design

Risk intelligence with strict controls on personal data handling. Privacy is engineered in, not bolted on.

📉

Least-Privilege Access

Internal access is always minimized, monitored, and audited. No unnecessary permissions, ever.

📡

Secure-by-Default

All platform communications are encrypted in-transit & at-rest. Security is the default, not an option.

🔐 Data Security

Data Security & Protection

How your data is handled — with enterprise-grade protection at every layer.

📋 Data Handling

  • Customer data processed in isolated environments
  • No data sharing with third parties
  • Strict retention policies
  • Secure data deletion on request

🔒 Encryption

  • TLS 1.3 for all data in-transit
  • AES-256 encryption at-rest
  • Hardware security modules (HSM)
  • Key rotation policies

💾 Storage

  • Geo-redundant cloud infrastructure
  • Immutable backup systems
  • Data locality controls
  • Automated integrity checks

🚪 Access Controls

  • Role-based access control (RBAC)
  • Just-in-time privileged access
  • Comprehensive audit logging
  • Session management & timeouts

🧱 Isolation

  • Tenant-level data isolation
  • Network segmentation
  • Containerized workloads
  • Environment separation

🎯 Zero Trust

  • Never trust, always verify
  • Continuous authentication
  • Micro-segmentation
  • Least-privilege everywhere
📏 Compliance

Compliance & Certifications

City of Hats aligns to leading global standards — with a clear roadmap for continuous improvement.

Encryption everywhere
Secure credential & secret storage
Structured vulnerability management
Vendor risk assessment program
Routine penetration testing
Incident response planning
Active
GDPR Ready
Active
PDPA Aligned
Roadmap
SOC 2 Type II
Roadmap
ISO 27001
⚖ Ethics

Identity & Exposure Intelligence Ethics

We believe exposure intelligence should reduce harm — not create it. So we follow strict guardrails:
🔒

We do not sell personal identity data

🔍

We minimize exposure of sensitive fields

We support fraud prevention & identity protection

🚫

We do not enable offensive security misuse

🤖 AI Governance

AI Security & Model Governance

Because your data interacts with AI — trust matters. Here's how we protect it.

Signal Generation

  • AI models trained on threat patterns only
  • No PII in model training
  • Pattern recognition, not personal profiling
  • Threat intelligence correlation

🛡 Sensitive Data Protection

  • Data anonymization before AI processing
  • Tokenization of sensitive fields
  • No storage of AI inference logs
  • Customer data never leaves your control

Bias & Misuse Prevention

  • Regular fairness audits
  • Human oversight for critical decisions
  • Abuse detection & rate limiting
  • Continuous model monitoring
No customer data used to train public models
Controlled intelligence enrichment
Explainable decision logic when possible
Continuous bias, fairness & abuse review
🤝 Partnership

Shared Responsibility Model

Security is a partnership. City of Hats secures the platform — you control your data and access.

City of Hats Shared Responsibility Model

Platform Security • Customer Access Control • Mutual Accountability

👁 Platform Security

Platform & Operational Security

Enterprise-grade controls that demonstrate real security maturity.

📋
Internal Security Policy

Documented security policies reviewed quarterly

🔑
Access Governance

RBAC with mandatory MFA for all systems

📝
Audit Logging

Comprehensive logs with tamper detection

🏢
Vendor Risk Controls

Third-party security assessments required

🔐
Multi-factor Auth

Required for all internal & customer access

🧩
Network Segmentation

Isolated environments per function & tenant

🛠
Continuous Monitoring

Real-time threat detection & response

🚨
Incident Response

24/7 alerting with documented playbooks

✨ Trust Signals

Why Enterprises Trust City of Hats

Confidence — without chest-beating. Here's what sets us apart.

Designed for enterprise security
Privacy-first architecture
Built by cybersecurity professionals
External attack-surface model — not invasive monitoring
No personal data monetization — ever
Transparent security practices
📊 Sources

Responsible Data Sources

City of Hats intelligently processes exposure signals from carefully vetted sources.

• Breach intelligence • Identity exposure metadata • Network & attack telemetry • Telecom & device risk indicators • Customer-authorized lookups
📌 Always sourced & handled under ethical & legal frameworks.
🎛 Control

Your Data — Your Control

You remain in full control of your data throughout the engagement.

Retention
Access
Redaction
API & Platform Permissions

We support security reviews and enterprise onboarding.

Trust is Earned — Not Assumed

Security is not a feature. It's a responsibility.

If you need details on our security controls, audits, policies, or architecture documentation — our team will work closely with yours.

Security Contact

If you believe you've discovered a vulnerability or security concern, please reach out to us immediately.

📨 Contact Us
admin@cityofhats.com

Responsible disclosure welcome

Request Security Review Learn About Us
ISO 27001 Aligned SOC 2 Type II GDPR Ready PDPA Compliant
Enterprise-Ready Privacy-First 99.9% Uptime 24/7 Monitoring