Security at Hawzu

Data ownership & isolation

Your data belongs to you. Hawzu enforces strict workspace and project isolation to ensure data is never shared across boundaries.

All access is evaluated against explicit roles, group memberships, and inherited permissions.

Authentication & access control

Hawzu uses role-based access control (RBAC) at both workspace and project levels.

• Workspace administrators manage global settings
• Project-level roles restrict access to scoped resources
• Group-based permissions are supported and fully auditable

Access tokens

API access tokens are treated as first-class security entities.

• Tokens are API-only and never grant UI access
• Each token has explicit, scoped permissions
• Token rotation is supported without breaking integrations
• All token lifecycle events are audit logged

Audit logs & traceability

Hawzu maintains detailed audit logs for security-sensitive events, including:

• User access changes
• Role and permission updates
• Token creation, rotation, and revocation
• Execution and release state changes

Audit logs are designed to support incident review, compliance requirements, and long-term accountability.

Execution integrity

Execution data in Hawzu becomes immutable once a release is locked.

This prevents silent data mutation and ensures historical execution reports remain trustworthy over time.

Infrastructure & data handling

Hawzu is built on managed cloud infrastructure following industry-standard security practices.

• Encrypted data in transit and at rest
• Isolated service environments
• Strict internal access controls