Security & Trust

Security built into
every workflow.

Hubler is designed for enterprises where procurement, finance, lease, vendor, and compliance workflows carry sensitive operational data. Access control, encryption, audit logging, data isolation, and governance are built into the platform from the start — not configured as an afterthought.

Request the Security Pack → ISO certificates, architecture documentation, and completed questionnaires
Talk to our security team
Certifications & Status
  • ISO 9001:2015 · Quality Management System · Certified
  • ISO/IEC 27001:2022 · Information Security Management · Certified
  • AWS Cloud Infrastructure · Multi-AZ deployment · Active
  • Encrypted in Transit & at Rest · TLS + industry-standard encryption · Active
  • SOC 2 Type II · Target 2025–2026 · In Progress

Enterprise software that runs execution at scale holds sensitive data. Procurement decisions. Financial records. Vendor credentials. Lease contracts. Compliance evidence.

The enterprises that trust Hubler with this data deserve more than a security checkbox.

Hubler is deployed inside enterprises where a security failure is not an inconvenience — it is a business disruption, a regulatory event, and a breach of trust.

Our position

Security is not a feature added to the platform. It is a property of the platform. Access control, encryption, audit trails, and data isolation are structural — present in every deployment, for every enterprise, from day one.

Our honesty

We list only what we can demonstrate. Where certifications are in progress, we say so clearly. Enterprise security teams verify every claim — we would rather be honest about what is in progress than overstate what is confirmed.

Our commitment

Security is a continuous practice, not a point-in-time achievement. We maintain ISO certifications annually, engage third-party penetration testers regularly, and are progressing toward SOC 2 Type II independently.

Certifications & Trust Signals

What we have earned.
What we are building toward.
All of it honest.

Enterprise procurement teams verify every claim. We list only what we can demonstrate — and we are clear about what is in progress.

Confirmed & Active
ISO 9001:2015
Quality Management System · Certified · Maintained annually
Certified

The globally recognised standard for quality management. Ensures consistent, documented, and repeatable processes across Hubler's service delivery, implementation methodology, and customer support operations. How Hubler delivers and supports its platform is as rigorously managed as the platform itself.

Covers
  • Service delivery
  • Implementation methodology
  • Customer onboarding
  • Support operations
  • Continuous improvement
Certificate on request
ISO/IEC 27001:2022
Information Security Management System · Certified · Maintained annually
Certified

The globally recognised standard for systematic management of information security risks — independently audited and certified. Covers every aspect of how Hubler protects the data it processes, stores, and transmits on behalf of enterprise customers.

Covers
  • Data protection policies
  • Access control frameworks
  • Incident response
  • Vulnerability management
  • Business continuity
  • Third-party security
Certificate on request
AWS Cloud Infrastructure
Active

Multi-availability zone deployment with automated failover. Physical security, power, and network infrastructure managed by AWS. Data residency options available based on deployment architecture and commercial agreement.

Encryption at Rest & in Transit
Active

Data stored on Hubler's platform is protected using industry-standard encryption at rest. All data transmitted is encrypted using TLS. Unencrypted connections are not accepted. All API communications are authenticated.

SAML 2.0 / OAuth 2.0 SSO
Active

Integrates with any SAML 2.0 or OAuth 2.0 compliant identity provider — including Okta, Microsoft Entra ID, Google Workspace, and Ping Identity. Users authenticate through your existing identity infrastructure.

Role-Based Access Control
Active

Field-level granularity. Users assigned roles defining exactly what they can see, create, edit, approve, and export — configurable to your organisational structure, not a generic template. Multi-entity deployments enforce entity-level data isolation.

Audit Logs
Active

Append-only. User actions logged — view, create, edit, submit, approve, reject, escalate, delegate, and export events. Every entry includes timestamp, user identity, and data context. Restricted administrative access.

Logical Tenant Isolation
Active

Every Hubler enterprise deployment is a logically isolated tenant. Data from different enterprises is not commingled in storage, processing, or transit.

Independent Penetration Testing
Active

Third-party. Scope covers application, API, infrastructure, and authentication security. Summary reports available to enterprise customers under NDA.

GDPR-Aligned Infrastructure
Active

Infrastructure designed to support GDPR compliance requirements. Data Processing Agreements available on request. Hubler acts as a data processor under terms of a DPA.

SCIM User Provisioning
Active

Automated user provisioning and de-provisioning synchronised with your identity provider. User lifecycle management integrated with your existing identity infrastructure.

Multi-Factor Authentication
Active

Available and enforced for platform access. Configuration options available for enterprise deployments across user roles.

Data Residency
Active

Options available based on deployment architecture and commercial agreement. Cross-border data flows documented and configured based on customer requirements.

Data Portability
Active

Enterprise customers own their data. On contract termination, Hubler provides a structured export in standard portable formats. Terms specified in the Master Services Agreement.

In Progress
We list these separately because enterprise procurement teams verify every claim.
SOC 2 Type II
In Progress
Target 2025–2026

An independent audit conducted by a licensed CPA firm that verifies controls for security, availability, processing integrity, confidentiality, and privacy over a sustained observation period. It is the security attestation most commonly required by US enterprise procurement teams, and it complements ISO 27001 by validating the operational effectiveness of specific customer data controls.

DPDP Act 2023 (India)
Monitoring

India's Digital Personal Data Protection Act 2023 establishes data protection obligations for organisations processing personal data of Indian citizens. Implementing regulations from the Indian government are pending. Hubler is monitoring regulatory development and will build compliance into operations as regulations are finalised.

Additional Frameworks
Under Evaluation

CSA STAR and other enterprise-requested compliance frameworks are under evaluation for the roadmap. Contact our security team if your organisation requires a specific compliance framework during procurement evaluation.

At a Glance

Everything in one view.

For security teams completing vendor assessments.

Trust Signal | Status | Available
ISO 9001:2015 | ✓ Certified | Certificate on request
ISO/IEC 27001:2022 | ✓ Certified | Certificate on request
AWS Cloud Infrastructure | ✓ Active | Shared responsibility model on request
Encryption at Rest | ✓ Active | Architecture documentation on request
Encryption in Transit (TLS) | ✓ Active | Architecture documentation on request
SAML 2.0 / OAuth 2.0 SSO | ✓ Active |
SCIM User Provisioning | ✓ Active |
Multi-Factor Authentication | ✓ Active |
Role-Based Access Control | ✓ Active |
Logical Tenant Isolation | ✓ Active |
Audit Logs (Append-Only) | ✓ Active | Exportable reports
Independent Penetration Testing | ✓ Active | Summary report under NDA
GDPR-Aligned Infrastructure | ✓ Active | DPA on request
Data Residency Options | ✓ Active | Based on deployment architecture
Data Portability | ✓ Active | Specified in MSA
Mobile App Security (iOS & Android) | ✓ Active |
Secure Development Practices | ✓ Active |
Responsible Disclosure | ✓ Active | [email protected]
SOC 2 Type II | In Progress | Target 2025–2026
DPDP Act 2023 (India) | Monitoring | Pending regulations

Data Security

Encrypted.
Isolated.
Yours.

Your operational data is sensitive. Procurement decisions, vendor credentials, financial records, compliance evidence. Hubler treats it accordingly.

Encryption at rest
Data stored on Hubler's platform is protected using industry-standard encryption at rest — applied at the database layer across all stored data.
Encryption in transit
All data transmitted between Hubler and connected systems — and between Hubler and end-user devices — is encrypted in transit using TLS. All API communications are authenticated. Unencrypted connections are not accepted.
Tenant isolation
Every Hubler enterprise deployment is a logically isolated tenant. Data from different enterprises is not commingled in storage, processing, or transit. Multi-entity deployments maintain additional isolation between entity instances within your tenant.
Data residency
Data residency options are available based on deployment architecture and commercial agreement. Cross-border data flows are documented and configured based on customer deployment requirements.
Backup and recovery
Automated daily backups with point-in-time recovery capability. Backup data is encrypted at rest. Recovery objectives are defined in the Master Services Agreement.
Data portability
Enterprise customers own their data. On contract termination, Hubler provides a structured export of customer data in standard portable formats. Terms are specified in the Master Services Agreement.
Access Control

The right people see the right data.
Nothing more.

Role-Based Access Control
Every user is assigned a role that defines exactly what they can see, create, edit, approve, and export — at the level of individual fields and actions within individual workflows. Configurable to your organisational structure, not a generic template.
Multi-entity isolation
In multi-entity deployments, data isolation between entities is enforced at the platform level. A user with access to one entity cannot see another entity's data unless explicit cross-entity access is configured and approved by your administrators.
Single Sign-On
Hubler integrates with any SAML 2.0 or OAuth 2.0 compliant identity provider — Okta, Microsoft Entra ID, Google Workspace, Ping Identity, and others. Users authenticate through your existing identity infrastructure.
Multi-Factor Authentication
Multi-factor authentication is available and enforced for platform access. Enterprise deployments can configure MFA requirements across user roles.
SCIM Provisioning
Automated user provisioning and de-provisioning synchronised with your identity provider. User lifecycle management integrated with your existing identity infrastructure — new users provisioned when onboarded to your identity system, departing users de-provisioned promptly.
Audit & Governance

Every action logged.
Access restricted.

The audit log
User actions across Hubler workflows are logged — including view, create, edit, submit, approve, reject, escalate, delegate, and export events. Every log entry includes a timestamp, user identity, and the data context of the action. Logs are append-only with restricted administrative access.
What the audit log provides
Internal compliance teams

Visibility into every approval, delegation, exception, and governance event — with reports exportable for any specified period.

External auditors

A complete, tamper-evident record of every action taken within any workflow — tracing every decision to a specific user, timestamp, and data state.

Regulatory enquiries

Structured, exportable audit data to support regulatory review, incident investigation, and internal governance processes.

Infrastructure

AWS hosted.
Designed for enterprise availability.

Cloud Provider
Amazon Web Services

Multi-tenant SaaS with dedicated logical tenant per customer and full data isolation between customer instances.

Availability Design
Multi-AZ Deployment

Primary and standby infrastructure in independent physical locations with automated failover. Peak loads handled without manual intervention.

Backup
Daily + Point-in-Time

Automated daily backups with point-in-time recovery capability. Backup data encrypted at rest. Recovery objectives defined in the MSA.

Mobile
iOS & Android

Available on Apple App Store and Google Play Store. Offline operation supported with local data encryption per device security model.

Vulnerability Management

Security is a practice,
not a posture.

Independent penetration testing
Hubler engages independent third-party security firms for penetration testing. Scope covers application security, API security, infrastructure security, and authentication mechanisms. Findings are triaged and remediated. Summary reports are available to enterprise customers under NDA.
Dependency and patch management
Third-party libraries and dependencies used in Hubler's platform are monitored for known vulnerabilities. Critical and high-severity vulnerabilities are addressed on an expedited basis. Platform updates are deployed without requiring customer action or system downtime.
Incident response
Hubler maintains an incident response process covering detection, containment, investigation, remediation, and customer notification. Enterprise customers are notified of any security incident that may affect their data within applicable regulatory timeframes and as specified in the Master Services Agreement.
Responsible disclosure
Security researchers who identify vulnerabilities in Hubler's platform can report them to [email protected]. Hubler is committed to acknowledging reports and keeping reporters informed of remediation progress.
Enterprise Security Evaluation

Everything your security team
needs to evaluate Hubler.

Available on request

  • ISO 9001:2015 certificate
  • ISO/IEC 27001:2022 certificate
  • Security architecture overview
  • Data Processing Agreement (GDPR-aligned)
  • AWS shared responsibility model

Available under NDA

  • Penetration testing summary report
  • Security architecture detail

Reference customers available for security-specific reference calls under NDA.

During procurement review

Standard security questionnaires can be completed during enterprise procurement review. Security review calls with Hubler's technical team are available for enterprise customers in active evaluation.

Contact
[email protected]
Response within one business day
Shared Responsibility

Security is shared.
Here is where the boundary is.

Hubler's responsibilities
  • Platform security — encryption, infrastructure, vulnerability management
  • Access control framework and audit log integrity
  • Incident response and customer notification
  • Certification maintenance and compliance documentation
Customer responsibilities
  • User credential management and MFA policy adherence
  • Access control configuration — mapping Hubler's RBAC to your organisational structure and need-to-know principles
  • Third-party credential security — protecting API credentials and access tokens used to connect Hubler to your systems
  • Data quality — accuracy of data imported from your systems into Hubler
Where Hubler provides guidance
  • Security configuration recommendations during implementation
  • Periodic access control review recommendations during quarterly business reviews
  • Security documentation and questionnaire completion for procurement processes
Enterprise Trust

Security built in.
Documented. Verified.

Hubler's security architecture is designed for enterprises where procurement, finance, lease, and compliance workflows carry sensitive operational data. Our security team is available to support your vendor assessment, answer your IT and legal team's questions, and provide documentation for your procurement process.
