Skip to main content

Data Protection & Information Security Ensuring best practices

At Hawk, we go beyond the necessary standards and implement industry best practices to proactively prevent harm.

Information security

Security features

We employ a holistic approach to practical Information Security, meaning every part of the organization participates through technical controls, processes, and awareness. The system was built with a strong focus on security from day zero.

Mission Statement 

Hawk bears an extraordinary responsibility for our clients' data and the flawless, reliable operation of the critical service we provide to them. Security is a matter of trust - our clients' trust.

Security Awareness

This starts with hiring people with a security mindset and includes background checks, regular trainings of all employees, and constant reminders of security threats. Security is at the forefront of our daily work.

Security Management

We have built and are maintaining an Information Security Management System (ISMS) in line with ISO 27001 requirements to proactively manage risks and review our controls via internal and external audits.

Security Testing

We constantly challenge ourselves to improve. This includes regular internal and external testing with vulnerability scans, penetration testing, and testing the implementation of all internal policies.

Secure Coding Practices

Security is embedded in all stages of software development, including four-eye review of every piece of code and code change, OWASP Training, automated security tests, code scanning, end2end tests, and more. We apply these practices to all our code - from Backend, Frontend, and Data Science to Infrastructure Code.  

Extensive Monitoring

Our 24/7 monitoring operations provide extensive security coverage of our cloud services, from the component and hardware level to code. Monitoring and alerting are focused on both availability and security aspects, which enable prompt and effective responses from our team of on-duty experts.

Threat Detection 

We apply state-of-the-art machine learning-supported technology to detect and alert us to intrusions, as well as abnormal or potentially malicious behavior in our environments. This enables our 24/7 on-duty personnel to provide all necessary information and respond in a timely manner.

Certified Practices 

Hawk follows industry best practices to proactively manage information security risks. We review the effectiveness of our technical and organizational practices on a regular, ongoing basis. Hawk is ISO 27001 certified.

Download the certificate here. 

Data protection

Data protection features

Data protection is one of our core principles at Hawk. We truly respect our and our clients’ data. As we are based in Europe, we are fully compliant with the General Data Protection Regulation (GDPR). These rights will apply to all our customers, regardless of where they are.

Access Management

Our access management policies follow the “principle of least privilege.” Our primary method of assigning and maintaining consistent access controls and rights is Role-Based Access Control (RBAC). This includes, but is not limited to, Multi-Factor Authentication (MFA), system access protected via VPNs, strict password policy, and Single-Sign-On (SSO).

Respecting Client Data

All GDPR-relevant Personal Identifiable Information (PII) data gets tokenized, stored separately, and encrypted from other data. PII data elements do not allow tracing or matching to individuals. Access to the data necessary for investigation is secured with a roles and rights system, is logged with an audit trail, and is only granted on an individual case-by-case basis.


All of our systems are protected by sensitive Web Application Firewalls (WAF). These firewalls enable fine-tuned incoming and outgoing traffic management. We utilize Distributed Denial of Service (DDoS) mitigation measures and network intrusion detection software to monitor for malicious activity, providing additional security controls for our network stack.

Data Encryption

All data is encrypted both in transit and at rest, resulting in the robust protection of client data. We use Advanced Encryption Standard (AES) on all information systems to ensure effective encryption. We have deployed HashiCorp Vault to store secrets and manage the key rotation for Personally Identifiable Information in line with GDPR requirements.

Certified Practices

Hawk follows industry best practices to proactively protect client data. We review the effectiveness of our technical and organizational practices on a regular, ongoing basis. Hawk is GDPR certified.

Download the certificate here.

Discover the technology powering the future of AML and fraud detection