Last Updated: April 25, 2026
Audience: Policyholders, Administrators
Connecting your security tools enables H33 to generate attested cyber-risk evidence.
H33 generates attested cyber-risk evidence only from authorized connections to participating systems and tools. Here is what access means — and what it does not mean.
When a policyholder or its authorized administrator connects systems such as Microsoft, Google, endpoint detection and response tools, backup platforms, cloud environments, identity systems, or other cybersecurity tools, H33 may access limited account, configuration, telemetry, status, log, and control-state information made available through the authorized integration.
H33 uses this information to help verify observed cybersecurity control signals, such as whether certain security settings, identity controls, backup controls, endpoint controls, cloud controls, or related configurations appear to be enabled, disabled, present, absent, current, or materially changed at a given point in time. H33's outputs may include control-state attestations, verification summaries, timestamps, logs, proof bundles, or related technical evidence.
H33 does not act as the policyholder's security administrator, managed security provider, insurer, broker, claims administrator, or compliance advisor. Unless expressly authorized through a specific integration, H33 does not access the contents of emails, documents, messages, files, or business records; does not modify customer systems; does not remediate vulnerabilities; and does not determine whether the policyholder is compliant with any law, regulation, insurance requirement, or security framework.
H33's outputs may be shared with the insurer, broker, policyholder, or other authorized parties identified in the applicable authorization flow, order, or program materials. The insurer or broker may use H33-generated proof bundles to support underwriting, renewal, portfolio review, risk engineering, claims review, or related cyber-insurance workflows. H33 does not determine eligibility, premium, coverage, claim payment, claim denial, or regulatory compliance.
Activation requires the person connecting the systems to have authority to grant access to the relevant accounts, tools, data, and environments. The policyholder is responsible for ensuring that all information provided to H33 is accurate and complete, that all connected systems are properly identified and authorized, and that the permissions granted to H33 accurately reflect the intended scope of access.
H33 is not responsible for inaccurate, incomplete, stale, unavailable, mislabeled, or misleading outputs caused by incorrect information, insufficient permissions, disabled logging, unavailable telemetry, third-party API limitations, integration errors, customer-side misconfiguration, unauthorized access granted by the customer, or systems outside H33's control.
Authorization may be revoked through the applicable H33 workflow, insurer/broker program process, or the connected third-party platform's administrator settings. Revocation will stop future access through the revoked integration, but it may not delete or invalidate proof bundles, logs, reports, attestations, or other outputs already generated or shared before revocation. Data deletion, retention, and export rights are governed by the applicable H33 terms, privacy terms, security terms, and program documentation.