Security & Trust

Built like infrastructure, not like an app.

Family information is among the most sensitive data in the world. We treat it that way — at every layer, by default.

AES-256encryption at rest
TLS 1.3in transit
99.99%platform uptime
US + EUdata residency
Compliance posture

What we hold today, what we are pursuing.

SOC 2 Type II (in progress)HIPAA-aligned controlsGDPR & CCPAISO 27001 roadmapNIST 800-53 mappedPCI DSS scope-free
Controls in depth

Each safeguard reduces a real, named risk.

🔐

Per-family KMS

Each family has its own AWS KMS key. No cross-family key sharing, no master key.

🗝

Hardware-bound auth

WebAuthn / Yubikey support for principals and stewards. SMS as last-resort only.

🛡

Zero-knowledge vault

Vault contents are client-side encrypted. Athena Foundry staff cannot read them, ever.

👀

Immutable audit ledger

Every read, write and access is recorded — append-only, family-visible, exportable.

Heartbeat dead-man's-switch

Inactivity escalates to named stewards. No legal proceeding required.

🌍

Data residency

Choose US, EU or a dedicated single-tenant deployment for Foundry-tier families.

Operational discipline

People, not just policy.

Sub-processors

The short, deliberate list of vendors we trust with infrastructure.

AWSPrimary hosting (us-east-1, eu-west-1)
CloudflareEdge, WAF, DDoS
StripeBilling only — never family data
DatadogAnonymized observability
PlaidRead-only financial aggregation
OpenAI (on-prem option)Optional AI suggestions

See Legacy Sage with your own family in mind.

A private 30-minute walkthrough. No deck. Just the platform, the Heartbeat, and the questions you have been quietly carrying.

Request a private demo →