Sensitive data and files are encrypted client-side prior to submission over the internet. This means that it is already protected with military-grade (256 bit) encryption before it ever leaves your computer to be processed. No data is ever accessible in plaintext to Harbr or its partners.
In addition to the data being encrypted, it is also sent over an encrypted communication channel using the industry standard TLS. This is a second layer of protection while data travels over the internet to be processed by Harbr.
Secure enclaves (a confidential computing technology) are used to process encrypted data. This means that the data can be sent directly for processing while it remains encrypted. The secure TLS channel terminates within a trusted execution environment that is able to process it and return results, without ever revealing the source data in plaintext.
Every time Harbr processes sensitive data, the client and server perform a process called cryptographic attestation. This means that before any data is sent to Harbr (even if encrypted), the processing environment and code are verified to ensure that neither have been tampered with. This happens by confirming values within a cryptographically signed document, whose signature and root certificate are also validated before trusting it.
In addition to the security described above, Harbr employs strict internal controls and policies when handling any customer data. As applicable, this includes robust monitoring, audit logs, and no human access to private keys.