Security and Encryption
Learn how Hopsule protects your data with end-to-end encryption, role-based access control, audit trails, and compliance-ready security infrastructure. Security is a baseline, not a premium feature.
Security Philosophy: Preservation Requires Protection
At Hopsule, we believe that organizational memory is a team's most valuable asset. For engineering organizations to trust a system with their most critical decisions and the reasoning behind them, that system must be fundamentally secure. Our security philosophy is built on the principle that enforcement is remembrance, and remembrance is only possible when the integrity and confidentiality of data are guaranteed. We do not view security as a premium feature or an upsell opportunity; it is a baseline requirement for every user, from solo developers to global enterprises.
Hopsule is designed as a decision-first, context-aware memory system. Because we handle the "why" behind your architecture and the "what" of your team's commitments, we maintain a security posture that exceeds industry standards. We ensure that your Decisions, Memories, and Context Packs remain under your control, protected by multi-layered encryption and rigorous access governance. Our commitment to data sovereignty means that your organizational judgment is preserved in a vault, not just a database.
Encryption Standards and Data Protection
Encryption is the foundation of the Hopsule architecture. We employ industry-leading encryption protocols to ensure that your data is protected at every stage of its lifecycle, whether it is being transmitted across the network or residing in our secure environment. We do not compromise on these standards, regardless of the subscription tier you choose.
Data in Transit
All communication between your local environment—including the Hopsule Dashboard, Hopsule CLI, Hopsule for VS Code, and Hopsule API—and our servers is encrypted using Transport Layer Security (TLS) 1.3. This ensures that any data moving between your machine and our infrastructure is protected against interception, tampering, and forgery. We strictly enforce HTTPS for all endpoints and utilize HTTP Strict Transport Security (HSTS) to prevent downgrade attacks.
Data at Rest
Once data reaches the Hopsule environment, it is encrypted using Advanced Encryption Standard (AES) with 256-bit keys. This applies to all primary entities within the system, including the text of your Decisions, the historical context stored in Memories, and the metadata associated with your Context Packs. Even our internal activity logs and the relationships mapped within the Knowledge Graph are subject to the same rigorous encryption standards. Key management is handled through a secure, hardware-backed infrastructure, ensuring that encryption keys are rotated regularly and never exposed to unauthorized personnel.
Important: Hopsule employees do not have access to the plaintext content of your decisions or memories. Our internal administrative tools are designed to manage system health and account metadata without ever surfacing the proprietary organizational judgment you have entrusted to us.
What We Protect
Hopsule categorizes data into several layers, each subject to specific security controls to ensure comprehensive protection of your engineering context.
Decisions: The explicit commitments your team agrees to follow. This includes the title, description, status (Draft, Pending, Accepted, Deprecated), and version history.
Memories: The append-only context entries that explain the reasoning behind your decisions. These are protected with immutable storage patterns to prevent unauthorized modification or deletion.
Context Packs (Capsules): The portable bundles of decisions and memories. Security is maintained even when these packs are shared across projects or teams.
User and Organization Data: Identity information, role assignments, and organizational configurations.
AI Interaction Data: Any queries made to Hopper and the context retrieved via RAG (Retrieval-Augmented Generation) are encrypted and isolated per organization.
Activity Logs: A complete record of who did what and when, ensuring full traceability for audit purposes.
Authentication and Access Security
Securing the perimeter of your Hopsule environment begins with robust authentication. We provide multiple layers of verification to ensure that only authorized team members can interact with your organizational memory.
Secure Session Management
All sessions within the Hopsule Dashboard are managed using secure, encrypted tokens. These tokens are short-lived and automatically refreshed to minimize the risk of session hijacking. When using the Hopsule CLI or Hopsule API, authentication is handled via cryptographically secure access tokens that can be scoped to specific actions and revoked instantly by an administrator.
Multi-Factor Authentication (MFA)
We strongly encourage the use of Multi-Factor Authentication for all accounts. Hopsule supports various MFA methods, including time-based one-time passwords (TOTP) and hardware security keys. For Enterprise organizations, we provide seamless integration with existing Identity Providers (IdP) via SAML and OIDC, allowing you to enforce your own corporate authentication policies and centralized user management.
Tip: For maximum security, administrators should require MFA for all members of their organization within the Hopsule Dashboard settings.
Role-Based Access Control (RBAC)
Governance is a core pillar of Hopsule. Our Role-Based Access Control system allows you to define exactly who can create, accept, or deprecate decisions. This ensures that while everyone can benefit from the team's memory, only authorized individuals can alter the team's formal commitments.
Permission | Owner | Admin | Member | Viewer |
|---|---|---|---|---|
View Decisions & Memories | Yes | Yes | Yes | Yes |
Create Draft Decisions | Yes | Yes | Yes | No |
Accept/Deprecate Decisions | Yes | Yes | No | No |
Manage Context Packs | Yes | Yes | No | No |
Manage Users & Billing | Yes | No | No | No |
Access Knowledge Graph | Yes | Yes | Yes | Yes |
The RBAC model is designed to support the natural lifecycle of a decision. While a Member might use Hopper to draft a new decision based on a recent discussion, an Admin or Owner must review and accept that decision before it becomes an enforceable constraint within the Hopsule IDE Extension. This separation of concerns ensures that your organizational memory remains authoritative and high-quality.
Immutable Audit Trails
Accountability is essential for effective governance. Hopsule maintains a complete, immutable audit trail of every significant action taken within the system. This log provides a chronological record that allows organizations to reconstruct the history of any decision or memory entry.
Audit logs capture the following information:
Actor: The user or system process that performed the action.
Action: The specific operation (e.g., Decision Accepted, Memory Appended, Context Pack Frozen).
Timestamp: The precise date and time of the event in UTC.
Context: The specific entity affected and the state change that occurred.
Source: The interface used (Dashboard, CLI, API, or IDE).
These logs are append-only and protected against modification. For Enterprise customers, audit logs can be exported or streamed to external security information and event management (SIEM) systems for long-term retention and compliance reporting.
IDE and Local Environment Security
The Hopsule for VS Code extension is designed with a "security-first, local-first" mindset. We understand that your source code is your most sensitive intellectual property. Therefore, Hopsule is architected to ensure that your code never leaves your local environment.
When the Hopsule IDE Extension performs enforcement—checking your current code against Accepted Decisions—all processing happens locally on your machine. The extension downloads the necessary decision context from Hopsule and performs the comparison locally. Your source code is never uploaded to Hopsule servers, and it is never used to train our AI models. This "zero-knowledge" approach to source code ensures that you can use Hopsule's enforcement capabilities even in the most restricted and compliant environments.
Important: Hopsule does not require access to your git repositories or source code hosting providers. We operate solely on the decision and memory layer, providing context without requiring access to the underlying implementation details.
AI Security and Hopper Governance
Hopper, our built-in AI assistant, is designed to be advisory, never authoritative. Its role is to help you draft decisions and navigate existing memories, but it never makes a decision on its own. We have implemented several layers of security to ensure that your interactions with Hopper are safe and private.
First, your data is never used to train the base models that power Hopper. Your decisions and memories are used only as context for your specific organization via a secure RAG (Retrieval-Augmented Generation) process. This means Hopper becomes smarter about your team's history without leaking that information to any other Hopsule customer or third-party provider.
Second, Hopsule MCP provides a read-only gateway for external AI agents. When you connect an agent via the Model Context Protocol, it can read your decisions and memories to become context-aware, but it is strictly prohibited from mutating your data. This ensures that AI agents can assist your developers without the risk of them accidentally deprecating a critical architecture decision or corrupting your organizational memory.
Data Residency and Compliance
Hopsule is committed to meeting the highest standards of global data protection and regulatory compliance. We recognize that engineering organizations operate under various legal frameworks, and we provide the tools necessary to meet those obligations.
SOC 2 Readiness
We have designed our internal controls and security practices to align with the Trust Services Criteria for Security, Availability, and Confidentiality. We undergo regular internal audits and are moving toward formal SOC 2 Type II certification to provide independent validation of our security posture.
GDPR and CCPA
Hopsule is fully compliant with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We provide users with the ability to exercise their rights regarding their personal data, including the right to access, rectification, and erasure. Our data processing agreements (DPA) are available for all customers to ensure that data transfers are handled legally and securely.
Data Residency
For organizations with strict data residency requirements, Hopsule Enterprise (Self-Hosted) offers the ability to deploy the entire Hopsule stack within your own infrastructure. This ensures that all decisions, memories, and metadata remain within your geographic and network boundaries, providing the ultimate level of data sovereignty.
Vulnerability Management and Incident Response
Security is a continuous process, not a static state. We proactively seek out vulnerabilities and maintain a rigorous incident response framework to protect our users.
Penetration Testing
Hopsule undergoes regular third-party penetration testing to identify and remediate potential security weaknesses. These tests cover our web applications, APIs, and cloud infrastructure. Findings from these tests are prioritized by our engineering team and tracked through to resolution.
Vulnerability Disclosure Program
We welcome the contributions of the security research community. If you believe you have found a security vulnerability in Hopsule, we encourage you to report it to us through our official disclosure channel. We are committed to working with researchers to validate and resolve reported issues in a timely manner.
Incident Response
In the event of a security incident, Hopsule follows a documented incident response plan. This plan includes procedures for containment, investigation, notification, and recovery. We are committed to transparency and will notify affected customers of any confirmed data breach in accordance with our legal obligations and service level agreements.
Resilience and Disaster Recovery
Preservation means ensuring that your organizational memory survives not just people and system changes, but also technical failures. Hopsule is built on a resilient infrastructure designed for high availability and data durability.
We perform continuous backups of all data, which are stored in multiple geographically isolated locations. These backups are encrypted and tested regularly to ensure that we can meet our Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO). Our system architecture is designed to be fault-tolerant, with redundant components that automatically fail over in the event of a localized outage.
Tip: While Hopsule manages backups for our cloud service, users of Hopsule Enterprise (Self-Hosted) are responsible for managing their own backup and disaster recovery strategies within their infrastructure.
Security for Every Developer
Hopsule was built to be the memory layer for the modern engineering team. Whether you are a solo developer using Hopsule CLI to track your personal project decisions or a CTO managing thousands of engineers across a global organization, your data is protected by the same world-class security infrastructure. We believe that by making security a baseline guarantee, we empower teams to focus on what matters most: making great decisions and building the future.
For further information regarding our security practices or to request a copy of our security whitepaper, please contact our security team through the Hopsule Dashboard support portal.