Security at Haven
At Haven, we're committed to ensuring our customers' sensitive financial data is handled in accordance with the highest security standards. As a financial technology company, we understand that the security of your tax and financial information is paramount to maintaining your trust.
This page is designed to provide our customers and potential customers with a clear understanding of the robust security measures in place at Haven to protect the data you entrust to us. We believe in transparency about our security practices while maintaining appropriate operational security, allowing you to make informed decisions about your data protection.
Last Updated: 1/7/2025
1. Web Server Security
Haven's web security starts with strong protective measures at every point of data transmission.
Our web infrastructure employs end-to-end encryption through HTTPS with SSL connections, specifically utilizing the industry-leading TLSv1.3 protocol for all data transmission.
We maintain a closed system architecture where our API endpoints are almost exclusively internal-facing and can only be accessed through Haven's internal infrastructure, eliminating potential vectors for unauthorized external access.
This multi-layered approach ensures that your sensitive financial data remains encrypted and inaccessible to any parties outside of Haven's secure environment.
2. User Authentication
Robust authentication and granular access controls are a key pillar of Haven's security model.
We've implemented a comprehensive authentication system through Clerk, requiring Multi-Factor Authentication (MFA) for all user access to the application.
Our access control framework follows a role-based model adhering to the principle of least privilege, ensuring users are granted only the permissions necessary for their specific functions.
This combination of strong authentication and precise access control means that even within Haven, your data is only accessible to those who explicitly need it for their authorized duties.
3. Data Access Controls
To ensure the highest level of data protection, Haven has implemented strict access boundaries around all customer information.
Data can only be accessed by authenticated users and partners, with resources strictly limited to retrieval and updates by their rightful owners.
Database access is strictly limited to authorized connections through Google Cloud's secure infrastructure, using enterprise-grade connection methods that ensure all database traffic remains within protected networks. Our database is isolated from public networks and can only be accessed through Cloud SQL proxy or from within our internal Virtual Private Cloud (VPC). This architecture ensures all database connections remain within Google Cloud's secure environment, eliminating exposure to external network threats.
This defense-in-depth approach means your data is protected by multiple secure boundaries, from user authentication to infrastructure-level controls.
4. Database Security & Recovery
We maintain comprehensive measures to protect data integrity and ensure business continuity.
All database connections are secured through TLS/SSL encryption, with daily backups performed as standard practice.
Our point-in-time recovery capability, supported by database logs with one-week retention, provides an additional safety net.
This robust backup and recovery framework ensures your data remains both secure and recoverable in any scenario.
5. Credential Management
Security of access credentials is paramount to Haven’s overall security posture.
We maintain strict policies around third-party credentials, storing only revocable tokens rather than raw credentials in our database. All third-party application credentials are secured in Google Secret Manager with strictly limited employee access. Internal password sharing is managed exclusively through 1Password, with segregated vaults ensuring compartmentalized access to sensitive credentials.
This structured approach to credential management minimizes the risk of unauthorized access.
6. Data Privacy
Haven upholds strict data privacy standards based on the principles of global privacy regulations.
Our development process follows privacy-by-design principles, ensuring that data protection is built into our systems and features from the ground up. This includes maintaining complete control over user data with the capability to delete account information upon request.
Our privacy-first approach ensures your data rights are respected and protected throughout your relationship with Haven.
7. Operational Security
Our commitment to security extends to daily operations through multiple proactive measures.
We maintain 24/7 on-call coverage to address any security concerns in real time, supported by comprehensive security logging and monitoring systems.
Regular security patches and updates are deployed across our infrastructure, addressing potential vulnerabilities. Incident response procedures ensure rapid and effective handling of any security events. This multi-faceted operational framework provides continuous protection for your data.
Our Commitment to Security
At Haven, security isn't just a feature - it's fundamental to everything we do. We continuously evaluate and enhance our security measures to ensure we're providing the highest level of protection for your sensitive financial data.
If you have any questions about our security practices or would like to report a security concern, please contact our security team at security@tryhaventax.com. Our team is committed to transparency and will promptly address any security-related inquiries.