Legal & Compliance

Legal & Compliance Documents

All H33 legal agreements, compliance certifications, and regulatory documentation in one place. H33 is committed to transparency: every legal document is publicly accessible, versioned, and backed by the same post-quantum cryptographic infrastructure that protects your data.

Core Agreements

Legal Agreements

The foundational agreements governing your use of H33's platform, data processing, and associated services.

Terms of Service

The binding agreement governing use of the H33 platform, API, SDKs, and all associated services. Covers acceptable use, intellectual property, liability limitations, and dispute resolution procedures for all H33 products and services.

Core Agreement

Privacy Policy

How H33 collects, processes, stores, and protects personal data. Details the categories of data collected, purposes of processing, retention periods, data subject rights, and the technical measures used to protect personal information including FHE and post-quantum signatures.

Privacy

Data Processing Agreement

GDPR-compliant data processing terms defining H33's obligations as a data processor. Covers the scope and purpose of processing, sub-processor management, data subject rights procedures, cross-border transfer mechanisms, and data breach notification timelines.

GDPR Required

Business Associate Agreement (HIPAA)

The HIPAA Business Associate Agreement for organizations that process Protected Health Information (PHI) through H33. Covers safeguards for PHI, breach notification requirements, permitted uses and disclosures, and individual rights under HIPAA.

Healthcare

Acceptable Use Policy

Permitted and prohibited uses of the H33 platform. Defines boundaries for API usage, rate limits, prohibited activities (illegal content, abuse, reverse engineering), and the enforcement procedures for policy violations.

Core Agreement

Billing Policy

Payment terms, invoicing schedules, refund procedures, credit expiration rules, and dispute resolution for all H33 commercial plans. Covers metered API usage billing, enterprise invoicing, and free tier limitations.

Core Agreement

Accessibility Statement

H33's commitment to WCAG 2.1 AA accessibility standards across all web properties, documentation, and user interfaces. Details the accessibility features implemented, known limitations, and the process for reporting accessibility issues.

Accessibility

Cookie Policy

How H33 uses cookies, local storage, and similar tracking technologies. Includes categories of cookies used (essential, analytics, functional), opt-out mechanisms, and cookie retention periods across all H33 web properties.

Privacy
Compliance & Certifications

Regulatory Compliance

H33's compliance posture across major regulatory frameworks and industry certifications. Each compliance page details how H33's post-quantum cryptographic infrastructure addresses the specific requirements of the framework.

GDPR Compliance

How H33 addresses all GDPR requirements through post-quantum cryptography: right to erasure via cryptographic deletion, right of access via attested DSAR exports, data protection by design via FHE, and security of processing via three-family PQ signatures.

EU Regulation

SOC 2 Type II

H33's SOC 2 Type II audit covers the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. H33's deterministic attestation infrastructure provides cryptographic evidence for each control, enabling continuous compliance monitoring.

Audit

ISO 27001

H33's information security management system aligns with ISO 27001 requirements. The platform's cryptographic architecture provides technical controls that map to ISO 27001 Annex A controls, with post-quantum signed attestations as evidence of control effectiveness.

Certification

PCI DSS

H33's approach to PCI DSS compliance for organizations processing payment card data. FHE enables computation on encrypted cardholder data without decryption, while post-quantum signatures protect transaction integrity against future quantum threats.

Payments

NIST FIPS 203/204

H33's implementation of NIST post-quantum cryptography standards: FIPS 203 (ML-KEM) for key encapsulation, FIPS 204 (ML-DSA) for digital signatures, plus FALCON and SLH-DSA for defense-in-depth. Three independent hardness assumptions protect every operation.

NIST Standards
Our Commitment

Transparency and Compliance

H33 believes that trust is built through verifiable transparency, not through marketing claims.

Cryptographic Accountability

Every legal commitment H33 makes is backed by cryptographic infrastructure. When we say data is encrypted, it is encrypted under Fully Homomorphic Encryption -- meaning the data is never decrypted during processing, not even by H33 systems. When we say audit trails are tamper-proof, they are secured by post-quantum signatures across three independent mathematical hardness assumptions. When we say data is deleted, cryptographic key shredding makes recovery mathematically impossible.

This approach means that compliance with H33's legal commitments is not a matter of trusting H33's word -- it is a verifiable property of the cryptographic system. Regulators, auditors, and customers can independently verify H33's compliance posture using publicly available verification tools and the HATS conformance standard.

Document Versioning

All H33 legal documents are versioned and dated. Material changes to any legal document are communicated to affected users in advance of the effective date. Previous versions are maintained in our document archive for reference. Each version change is itself attested through H33-74, creating a cryptographic chain of custody for legal document evolution.

Contact

For questions about any legal document, compliance certification, or data protection inquiry, contact support@h33.ai. For billing-related questions, contact billing@h33.ai. Enterprise customers with executed agreements may contact their designated account manager directly.

H33 responds to all legal and compliance inquiries within 2 business days. Data subject access requests under GDPR are fulfilled within the regulatory timeframe. For urgent data protection matters, include "URGENT" in your subject line.

Questions About Our Legal Documents?

Our team is available to discuss any legal, compliance, or data protection questions. Enterprise customers can request custom DPA terms or BAA modifications.
