The defaults a CISO expects, stated plainly
A platform that sells evidence has to hold itself to the same standard. This page states what Helixar’s security posture is, what the evidence chain can and cannot claim today, and where the legal documents live.
- Fail-closed by default
- KMS-backed signing keys
- Least-intrusion interception
- Multi-tenant isolation
Security posture
Fail-closed by default
If inspection or the audit write cannot complete, AI traffic is blocked, not waved through. Security over availability, by design.
KMS-backed signing keys
Audit events are Ed25519-signed with keys held in cloud KMS custody, in-region where residency requires it.
Least-intrusion interception
Only AI-provider traffic is decrypted and inspected. All other traffic passes through untouched, privacy and liability stay contained.
Multi-tenant isolation
Strict org isolation across every data plane, with in-region or fully on-premises deployment options.
The evidence-honesty statement
Helixar’s audit trail is tamper-evident and independently verifiable. Third-party immutability requires external anchoring (RFC-3161), which is built and enabled per tenant at onboarding, we do not describe the trail as “immutable” until anchoring is on in your deployment.
We hold our marketing to the same vocabulary our product UI enforces. If a claim on this site can’t be demonstrated in your environment during a pilot, tell us, that’s a bug in the site, and we’ll fix it.
This candour is deliberate: with a compliance buyer, the product is the evidence. Verify it yourself →
Legal
Balanced on purpose: no blanket guarantee of security, documented operational commitments and SLAs instead. References the Australian Privacy Act and the NZ Privacy Act 2020.