Compliance
Regulatory alignment documentation for Hoziron deployments.
Status
Compliance documentation is coming in the next phase. The core infrastructure for compliance is already in place:
- Audit trail — Tamper-evident Merkle chain recording all API operations (guide)
- PII pipeline — Tokenization at agent boundaries preventing data leakage (internals)
- Data sovereignty — All state stored locally, configurable provider routing, air-gapped support
- RBAC — Role-based access control with key expiration and brute-force protection (guide)
Planned coverage
| Framework | Status | Document |
|---|---|---|
| GDPR | In progress | gdpr.md |
| POPIA | In progress | popia.md |
| SOC 2 | In progress | soc2.md |
| HIPAA | Planned | — |
What's available today
Even without formal compliance documentation, the platform provides the technical controls needed for regulated environments:
- Enable the audit trail for comprehensive activity logging
- Configure authentication and RBAC for access control
- Use air-gapped deployment for data residency requirements
- Review the hardening checklist for security baseline
Related: