
Trust & Safety

Every objection, answered in one place. How HATS protects data, avoids insurance activity, and ensures clear regulatory boundaries.

01

No Data Custody

Proofs, not payloads

HATS does not store, access, or process customer data. Terminal emits proofs, not payloads. Only hashes, control states, timestamps, and attestation receipts are collected.

Raw data never leaves the policyholder's environment. What flows to HATS are cryptographic derivatives — hash digests, boolean control states, and signed timestamps. There is no database of customer records, no data lake, no plaintext at rest or in transit.

collected: { hashes, control_states, timestamps, attestation_receipts }
not_collected: { raw_data, credentials, PII, payloads }

02

No Insurance Activity

Evidence provider, not insurer

H33 does not engage in underwriting, pricing, coverage determination, claims adjudication, or any activity requiring an insurance license. HATS provides evidence. Insurers make decisions.

The line is absolute. HATS never recommends, scores, ranks, approves, or denies. Every output is a factual assertion about system state — cryptographically attested, timestamped, and delivered as structured evidence for the insurer's own decision process.

03

No Decision-Making

Evidentiary inputs to human processes

HATS does not determine risk levels, approve or deny coverage, set premiums, or trigger payouts. All outputs are evidentiary inputs to human decision processes.

There is no risk score, no recommendation engine, no automated approval path. HATS produces facts about system state. What those facts mean for coverage, pricing, or claims is entirely the insurer's determination.

04

Policyholder Authorization

Explicit consent. Read-only. Revocable.

All system access requires explicit policyholder authorization via OAuth or equivalent. Access is read-only. Credentials are never stored. Authorization can be revoked at any time.

The policyholder initiates every connection. Each integration uses standard OAuth flows with minimal scopes — read-only access to configuration and control-state metadata. No write access, no administrative privileges, no credential persistence.

05

Proof-Based Outputs

Triple-signed. Deterministic. Reproducible.

Every output is cryptographically attested by three independent post-quantum signature families (ML-DSA-65, FALCON-512, SLH-DSA). Outputs are deterministic and reproducible.

This is not a trust-me architecture. Every fragment produced by HATS carries three independent post-quantum signatures from distinct mathematical families — lattice-based, hash-based, and structured-lattice. Any party with the public keys can independently verify any output at any time.

signatures: [ML-DSA-65 (FIPS 204), FALCON-512, SLH-DSA (FIPS 205)]
properties: deterministic, reproducible, independently_verifiable

06

AI and Automation

Cryptographic protection during processing

H33 protects data during processing by cryptographic methods that reduce plaintext exposure risk. H33 does not control or govern third-party AI systems or their behavior.

When data passes through AI systems or automated workflows, HATS ensures that sensitive information remains cryptographically protected. This is a technology boundary — H33 provides the cryptographic envelope; what happens inside the AI system is outside H33's scope and responsibility.

07

Regulatory Responsibility

Insurer retains all regulatory obligations

All regulatory obligations related to insurance products, compliance, and consumer protection remain with the licensed insurer. H33 operates as a technology service provider.

H33 does not hold, apply for, or require any insurance license. The insurer retains full responsibility for compliance with state and federal insurance regulations, consumer protection obligations, rate filings, and all other regulatory requirements associated with the insurance products they offer.

For the full legal framework, regulatory position statements, and technical specifications, contact our team or review the legal addendum.