Security

Our approach

42hz is a cloud-native platform built by a software team, with security considered across how we design, build, and operate the product. We aim to integrate with the systems our customers already run rather than expand their risk surface, which is especially important in operational technology environments.

Infrastructure

The platform runs on established cloud infrastructure that provides physical security, network controls, and resilience at the data-center level. We rely on managed, well-supported services rather than building sensitive infrastructure from scratch.

Data protection

We use encryption in transit for data moving between systems, and apply access controls so that information is available only to those who need it. We aim to collect and retain only the data needed to provide the service.

Access and accountability

Access to systems is limited and based on role. We use authentication controls and keep the ability to review access, so that actions can be accounted for.

Operating in regulated environments

Many of our customers operate under frameworks such as NERC CIP. Compliance is the obligation of the operating entity, and 42hz is designed to be deployed within an existing security program, being transparent about supply chain and remote access rather than forcing infrastructure changes.

Reporting a concern

If you believe you have found a security issue, please email geethan@42hz.ai with details so we can investigate. We appreciate responsible disclosure and will work to address valid reports promptly.