Security
Han AI is built on a single-tenant model. Each workspace runs on its own Ubuntu VPS with its own secrets, its own database, and its own Telegram bot. No infrastructure is shared between workspaces.
Isolation
| Layer | Posture |
|---|---|
| Compute | One Ubuntu VPS per tenant. Provisioned and operated by Vultr. |
| Runtime user | Han AI services run as the unprivileged hanai user, not root. |
| Network | Caddy fronts the VPS on ports 80/443 with auto-renewed Let’s Encrypt TLS. The vector store and other internal services bind to loopback only. |
| Cross-tenant | There is no central platform server. Fleet operations are driven from the operator’s laptop over SSH. |
Secrets
All secrets — Telegram bot token, OpenAI key, Airtable PAT, session secrets, optional SMTP credentials — are stored in an age-encrypted vault on the VPS (~/.hanai-vault.age). The vault is decrypted into runtime environment files at boot. Secrets are never committed to source control.
A `safeSecret(key)` wrapper ensures that a missing optional secret degrades the affected tool gracefully rather than crashing the runtime.
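The sketch below shows one way such a wrapper can keep an optional tool's missing credentials from stopping the runtime. It is an added example, not Han AI's own code. It assumes the decrypted vault is exposed as environment variables; the key names, `loadTools`, `MissingSecretError` and the tool specs are all hypothetical.

```javascript
// Hypothetical sketch, not Han AI's code. Key names and tool specs are assumptions.
class MissingSecretError extends Error {
  constructor(key) {
    super(`required secret ${key} is not set`); // key name only, never a value
    this.key = key;
  }
}

// Return the secret, or undefined when it is unset or blank. Never throws.
function safeSecret(key, env = process.env) {
  const value = env[key];
  return typeof value === "string" && value.trim() !== "" ? value : undefined;
}

// Build the tool set: required tools fail fast at boot, optional tools are
// skipped and reported by name so the rest of the runtime keeps working.
function loadTools(specs, env = process.env) {
  const enabled = {};
  const disabled = [];
  for (const spec of specs) {
    const missing = spec.secrets.filter((k) => safeSecret(k, env) === undefined);
    if (missing.length === 0) {
      const secrets = Object.fromEntries(spec.secrets.map((k) => [k, env[k]]));
      enabled[spec.name] = spec.create(secrets);
    } else if (spec.optional) {
      disabled.push({ name: spec.name, missing });
    } else {
      throw new MissingSecretError(missing[0]);
    }
  }
  return { enabled, disabled };
}

// Constructed sample: environment as it might look after vault decryption,
// with the optional SMTP credentials absent.
const sampleEnv = { TELEGRAM_BOT_TOKEN: "constructed-token", SMTP_PASSWORD: "" };
const sampleSpecs = [
  { name: "telegram", secrets: ["TELEGRAM_BOT_TOKEN"], optional: false,
    create: (s) => ({ ready: s.TELEGRAM_BOT_TOKEN.length > 0 }) },
  { name: "email", secrets: ["SMTP_USER", "SMTP_PASSWORD"], optional: true,
    create: () => ({ ready: true }) },
];

const result = loadTools(sampleSpecs, sampleEnv);
console.log(Object.keys(result.enabled), result.disabled);
```

The disabled list carries only key names, so it can be logged or surfaced to an operator without exposing secret values.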
Transport security
- TLS 1.2 or higher for all data in transit, terminated by Caddy.
- SSH key-based authentication for VPS access. No password login.
- Telegram traffic uses Telegram’s transport security.
Encryption at rest
- AES-256 (or equivalent) on Han AI-controlled storage.
- Sub-processor encryption follows their respective certifications.
Access control
- Principle of least privilege across all administrative accounts.
- Multi-factor authentication required on administrative accounts.
- Access revoked within 24 hours of personnel departure.
Logging and monitoring
- Application and security event logs retained for at least ninety days.
- Anomalous access patterns trigger alerts.
Backup and recovery
- Daily backups of operational data.
- Backups retained on a rolling thirty-day basis.
- Restore tested at least quarterly.
Annex C of the DPA
The full technical and organisational measures are documented in DPA Annex C.