Helios/Legal

Security

Last Updated: May 17, 2026

SectionInfrastructure Security

Security is foundational to Helios.

Helios is designed for regulated and high-trust environments where identity verification, compliance workflows, and sensitive operational systems require strong privacy and infrastructure guarantees.

Infrastructure Security

Helios deployments may operate:

  • fully on-premises within customer infrastructure
  • in private cloud environments
  • through managed infrastructure operated by SAGEA

Security controls may include:

  • encrypted communication channels
  • restricted administrative access
  • role-based access control (RBAC)
  • infrastructure segmentation
  • audit logging
  • credential isolation
  • hardened deployment configurations
  • secure software delivery practices

On-Premises Privacy Model

For on-premises deployments:

  • customer and end-user data remain entirely within customer-controlled systems
  • SAGEA does not collect or retain biometric records, KYC documents, or verification databases
  • customers maintain full ownership and control over stored data

This architecture minimizes external exposure and enables customers to enforce their own compliance and retention requirements.

Managed API Deployments

For customers using SAGEA-managed APIs:

  • customer submissions are processed only for the duration necessary to provide requested services
  • SAGEA does not use customer verification data for advertising or AI training without explicit written consent
  • limited anonymized telemetry may be collected for debugging, abuse prevention, reliability monitoring, and operational security

Telemetry does not intentionally include personally identifiable customer end-user verification data.

Access Controls

Internal access to production systems is restricted to authorized personnel with legitimate operational requirements.

Access is governed through principles including:

  • least privilege access
  • authentication enforcement
  • environment isolation
  • access auditing

Responsible Disclosure

If you believe you have discovered a security vulnerability affecting Helios, please report it responsibly.

Security reports may be submitted to: [email protected]

Please include:

  • affected components
  • reproduction steps
  • proof-of-concept details if available
  • potential impact assessment

SAGEA requests that researchers avoid:

  • disrupting customer systems
  • accessing customer data
  • performing destructive testing
  • publicly disclosing vulnerabilities before remediation

Availability and Incident Response

SAGEA works to maintain reliable infrastructure and respond promptly to operational incidents.

However:

  • no system can guarantee uninterrupted availability
  • customers remain responsible for securing their own infrastructure and integrations
  • enterprise SLAs or incident response obligations may vary depending on contractual agreements

Security Updates

Security practices and controls may evolve over time as Helios infrastructure and deployment models mature.

Material changes may be reflected on this page or within enterprise agreements.

For additional enterprise security inquiries: