Skip to content
Homany

Security

Security and deployment, summarized for evaluators.

A concrete, assurance-oriented summary of how Homany handles hosting, data, identity, and access - and how to engage our team for a deeper review under NDA.

Request a security reviewReview security & sovereignty

Posture

Control is a property of the deployment, and it's verifiable.

Homany's security model starts from a simple position: the answers to where data lives, who can access it, and who holds the keys should be yours to set and yours to inspect. We expose those as configuration, not as claims you have to accept.

We don't publish certifications we don't hold. Where a framework matters to your review, we share our current, dated posture and any in-progress attestations directly with your security team under NDA - so you assess the real status rather than a logo.

  • Region-pinned data residency - confine workspace data to an EU or GCC region, or self-host.
  • Customer-owned encryption keys - hold and rotate your own keys on self-hosted and BYOC shapes.
  • Audit export to your SIEM - monitoring follows your existing standards.

Assurance

The controls your review will ask about.

  • Data residency

    Pin workspace data to an EU or GCC region you choose, or keep it entirely within your own environment on self-hosted deployments.

  • Key ownership

    On bring-your-own-cloud and on-premise, encryption keys can be owned and rotated by you, using your own key-management standard.

  • Identity & access

    Connect your identity provider via SSO and SCIM, with role-based access shared across internal teams, external collaborators, and agents.

  • Audit & monitoring

    Export audit events to your SIEM, and review a full, reversible log of every agent action - input, output, and reasoning.

  • Least-privilege operations

    On the managed cloud, operational access is limited and auditable; on self-hosted shapes, access is governed entirely by your environment.

  • Governed AI execution

    Agents run under scoped roles and budgets, with bring-your-own or self-hosted models so inference can stay inside your boundary.

Hosting

Three deployment shapes, one product.

The shape is a property of the environment, not a different edition - agents and controls behave identically across all three.

  • Managed sovereign cloud

    We operate a region in the EU or GCC on your behalf.

    • Region selected at provisioning
    • We handle patching, backups, and uptime
    • Identity and audit connect from your side

  • Bring your own cloud

    Homany runs inside your AWS, Azure, or OCI tenancy.

    • Runs under your cloud account and network
    • Customer-owned encryption keys
    • Your existing logging and IAM apply

  • On-premise

    Self-hosted for restricted or air-gapped environments.

    • Runs in your own data center
    • Designed to support air-gapped operation
    • Versioned releases on a cadence you control

Go deeper

Need a deeper security review?

We share our current security posture, key-management model, and any in-progress attestations directly with your team under NDA.

We only state certifications we actually hold - you'll see the real, dated status.

Request documentationReview security & sovereignty