Security and privacy
Sensitive records deserve architecture built around restraint.
Hammer Domicile is being designed around least-privilege access, private file delivery, accountable activity, and clear control by the household.
This page describes the intended production architecture. It does not claim certifications or controls that have not been independently verified.
Security model
Trust is a product behavior, not a badge.
Access comes first
Every protected query, file request, export, and role change must be authorized against household and professional relationships.
Private file delivery
Sensitive files are designed for private object storage and short-lived access, not durable public links.
Role-scoped collaboration
Household owners, members, advisors, reviewers, and support roles receive distinct capabilities.
Accountable activity
Invitations, document changes, downloads, reviews, exports, and billing events are recorded.
Strong authentication
MFA is planned as required for advisors and administrators, with step-up verification for sensitive actions.
Data minimization
General analytics must not receive document content, financial details, or sensitive filenames.
Data lifecycle
Clear handling from upload through deletion.
Validate type and size, calculate integrity metadata, and scan before availability.
Keep private bytes separate from application metadata and permissions.
Authorize first, then issue short-lived file access or stream through a protected endpoint.
Record relevant activity and preserve immutable file versions.
Create accountable exports and support customer-controlled deletion and retention workflows.
Responsible claims
What we will not imply.
Hammer Domicile will not call itself SOC 2, ISO 27001, bank-grade, or compliant with a regulated framework until the applicable controls and independent work exist. Product language will distinguish design intent from verified status.
Preparedness starts here