Security

Last updated: March 13, 2026

At Hachther Inc., doing business as eSauti (“eSauti”, “we”, “our”, or “us”), we take the security of our platform, customer data, and related services seriously.

This page provides a high-level overview of the security practices, safeguards, and operational measures we use to help protect the eSauti platform and the information processed through it. It is intended for customers, prospects, partners, and other stakeholders who want to understand our general security posture.

This page is provided for informational purposes only. It does not create contractual commitments unless expressly included in a signed agreement.

1. Security approach

Our security approach is based on a combination of:

  • technical safeguards,
  • operational controls,
  • access restrictions,
  • secure development practices,
  • monitoring and response processes,
  • and continuous improvement over time.

We aim to apply security measures proportionate to the nature of the services we provide, the sensitivity of the data involved, and the risks reasonably associated with unauthorized access, use, disclosure, alteration, or destruction.

2. Access control

We work to restrict access to systems and data based on business need and role.

Our general access control practices may include:

  • role-based access principles for internal administrative access,
  • least-privilege access where reasonably applicable,
  • authentication controls for internal tools and production environments,
  • review and removal of access when no longer required,
  • separation of duties where appropriate for sensitive operations.

Administrative access is limited to authorized personnel and service providers who require access to operate, maintain, or support the platform.

3. Infrastructure and hosting security

eSauti may rely on managed infrastructure, cloud hosting providers, and third-party services to operate its platform and related functions.

Depending on the service architecture, our general infrastructure security practices may include:

  • logically separated environments where appropriate,
  • environment-level configuration controls,
  • network-layer protections,
  • secure secret and credential handling practices,
  • backup and recovery measures,
  • provider-level physical and environmental protections through our infrastructure vendors.

Where we rely on third-party infrastructure providers, some security controls are implemented by those providers as part of their managed services.

4. Encryption and data protection

We aim to protect data in transit and, where applicable, data at rest using appropriate technical measures.

Our practices may include:

  • HTTPS / TLS for data transmitted over public networks,
  • secure handling of credentials, tokens, and secrets,
  • encryption or provider-managed encryption mechanisms for supported storage systems,
  • restricted access to data stores and administrative interfaces.

No transmission method or storage system is perfectly secure. However, we apply reasonable safeguards designed to reduce risk and protect confidentiality, integrity, and availability.

5. Application security

We incorporate security considerations into product design, implementation, and maintenance activities.

Our application security practices may include:

  • secure coding practices,
  • dependency and package maintenance,
  • environment-specific configuration controls,
  • input validation and output handling,
  • authentication and authorization checks,
  • review and remediation of identified issues,
  • logging and operational visibility for key events where appropriate.

We may also improve the platform over time to address newly identified risks, software updates, or changes in our architecture.

6. Monitoring and operational security

We may use operational monitoring and logging to support the security, stability, and reliability of the platform.

This may include monitoring related to:

  • service availability,
  • infrastructure health,
  • platform errors,
  • suspicious activity indicators,
  • administrative operations,
  • and incident investigation.

Logs and monitoring data are used to help diagnose issues, support operations, and investigate potential security events, subject to applicable legal and operational requirements.

7. Vulnerability management and updates

We work to identify, assess, and remediate security issues in a reasonable and risk-based manner.

Our general practices may include:

  • applying security-related updates and patches,
  • reviewing dependencies and service components,
  • prioritizing remediation based on severity and context,
  • updating configurations when risks or best practices evolve.

Remediation timing may depend on the nature of the issue, exploitability, affected systems, and operational constraints.

8. Incident response

We maintain processes intended to support the identification, triage, containment, investigation, and remediation of security incidents.

Where appropriate, these processes may include:

  • internal escalation,
  • technical containment measures,
  • impact assessment,
  • corrective actions,
  • documentation of the incident and response,
  • and notification steps where required by law or contract.

If we determine that a security incident affects customer data or triggers legal notification obligations, we will act in accordance with applicable law and any relevant contractual commitments.

9. Personnel and internal practices

We seek to ensure that individuals with access to relevant systems or information understand their responsibilities.

Depending on role and context, our internal practices may include:

  • confidentiality obligations,
  • controlled access to production systems,
  • internal process documentation,
  • review of operational changes,
  • and security-conscious handling of customer and platform data.

10. Third-party services and subprocessors

eSauti may use third-party service providers to support infrastructure, communications, analytics, storage, delivery, security, payment, and other operational functions.

We aim to select vendors and subprocessors with reasonable care and to use contractual, technical, and organizational measures appropriate to the context.

Because third-party providers operate independent systems and services, their environments and controls are governed by their own policies, practices, and commitments.

11. Shared responsibility

Security is a shared responsibility.

While we work to secure the eSauti platform and the services we control, customers are also responsible for security measures within their own environment and usage, including as applicable:

  • protecting account credentials,
  • using strong passwords and access controls,
  • configuring user permissions appropriately,
  • securing their own endpoints, devices, and networks,
  • reviewing integrations and connected services,
  • and using the platform in a manner consistent with their legal and compliance obligations.

12. Responsible disclosure

If you believe you have identified a security vulnerability affecting eSauti, please report it to us promptly.

Please include, where possible:

  • a description of the issue,
  • steps to reproduce,
  • the affected URL, feature, or component,
  • the potential impact,
  • and any relevant supporting materials.

Please do not exploit vulnerabilities, access data without authorization, disrupt services, or test in a way that could harm users, systems, or data.

Security reports can be sent to:

security@esauti.ca

If you do not yet use a dedicated security mailbox, replace this address with your actual security or privacy contact address before publishing.

13. Service-specific or contractual security information

Some customers may require additional security information, questionnaires, or contract-specific commitments as part of procurement, onboarding, or due diligence.

Where appropriate, additional details may be made available through:

  • customer agreements,
  • data processing terms,
  • vendor review processes,
  • onboarding documentation,
  • or direct communication with our team.

14. Changes to this page

We may update this Security page from time to time to reflect changes in our services, practices, vendors, legal obligations, or risk posture.

When we update this page, we will revise the “Last updated” date at the top of the page.

15. Contact

For general security-related questions about this page or our security practices, contact us at:

security@esauti.ca

For privacy-related requests, please use the contact details or request channels identified in our Privacy Policy or relevant privacy pages.