Security & Trust

    Your player data stays where it belongs.

    HumanGraph is designed for environments where data sovereignty, regulatory exposure, and integration complexity are real constraints. It works from pseudonymised inputs, supports on-premise or hosted deployment, and returns outputs that fit inside systems you already operate.

    How Pilots Work

    No unnecessary data. No forced complexity. No long-term lock-in.

    Most environments do not need more raw data complexity. They need early intelligence that can be deployed responsibly, using the data already available in operational systems, without forcing major architectural change.

    HumanGraph is designed around that principle. It generates early signals from minimal, pseudonymised roll-up data and returns those signals in formats that teams can review, test, and activate inside the systems they already use.

    Trust Principles

    Built to be safe to adopt and easy to operate.

    Your data doesn't leave without your permission

    • Works from pseudonymised, time-stamped activity — no PII required
    • Deploy on your infrastructure or ours — you choose
    • No direct database access or raw event streams needed

    Minimal footprint, from day one

    • No full historical data dependency to get started
    • Integrates via REST API, CSV, or hybrid paths
    • Outputs slot into systems you already operate

    Controlled adoption, not a big-bang rollout

    • Start with one focused pilot — validate before committing
    • Signals are explainable and auditable — no black box
    • Expand only once operational fit is confirmed
    Security Posture

    How we handle your data, technically

    These are the concrete controls in place today — not aspirational claims.

    Encryption in Transit & At Rest

    All data transmitted to HumanGraph infrastructure uses TLS 1.2+. Data stored on our servers is encrypted at rest using AES-256.

    Infrastructure

    Cloud-hosted deployments run on AWS (EU region by default). On-premise deployments operate entirely within your own infrastructure — no data leaves your environment.

    Access Controls

    Role-based access controls limit who can view, export, or modify data and model outputs. Access logs are maintained for all data operations.

    Data Retention

    Input data is retained only for the duration required to generate predictions. We do not build persistent player profiles beyond the operational window defined with the operator.

    Deployment

    Deploy with minimal disruption

    HumanGraph is designed for lightweight deployment in real environments. Integration does not require major system changes, complex data pipelines, or long implementation cycles. teams can start with limited scope and expand gradually as value is proven.

    API Integration

    Use secure REST API integration for real-time ingestion or aggregated operational data exchange.

    CSV-Based Exchange

    Start with simple file-based uploads for pilots, evaluations, or staged rollout.

    On-Premise Deployment

    Full deployment within your own infrastructure. No data leaves your environment. Supported for operators in MGA, UKGC, and other regulated jurisdictions.

    Data Readiness

    Start with the data you already have

    HumanGraph is built to work with a limited set of transactional and behavioural signals already available in systems. It does not depend on a perfect historical data environment to begin producing useful early intelligence.

    That makes it well suited to environments where data access is constrained, infrastructure is uneven, or privacy requirements are high.

    What this means in practice

    • No historical product training required
    • Limited, pseudonymised behavioural inputs
    • No direct or indirect PII required
    • Designed to work with data already available in systems
    Data Boundaries

    Data flows in. Insights come out. Nothing else leaves.

    HumanGraph ingests pseudonymised, time-stamped operational activity. It does not require raw player identifiers, full event streams, or direct database access. Outputs are returned in formats that integrate with your existing tools — not stored or processed beyond the agreed operational window.

    Data boundary — configurable on-premise or hosted
    SOURCESystems
    INGESTPseudonymised Inputs
    PROCESSHumanGraph Products
    OUTPUTSignals · Scores · Segments · Triggers
    SOURCESystems
    INGESTPseudonymised Inputs↕ Data boundary — configurable on-premise or hosted
    PROCESSHumanGraph Products
    OUTPUTSignals · Scores · Segments · Triggers
    Controlled Rollout

    Start with a controlled rollout

    A HumanGraph pilot is a short, structured deployment designed to validate early player intelligence in your environment quickly, with minimal integration effort and no long-term commitment. Teams can begin with one focused product, evaluate signal quality against observed outcomes, and expand only once operational fit is clear. All pilot data handling is governed by a signed DPA before any integration begins.

    The pilot approach is especially useful where strict privacy constraints, weak historical availability, or inconsistent data infrastructure would otherwise slow adoption. HumanGraph is designed to degrade gracefully when data is limited and sharpen as fresh operational evidence arrives.

    01Select a use case
    02Ingest practical inputs
    03Validate signals
    04Expand with control
    Regulated Environments

    Designed for regulated environments

    HumanGraph follows a privacy-safe operating model aligned with data minimisation and privacy-by-design principles. Its approach is intentionally practical: pseudonymised inputs, limited required data scope, modular deployment, and controlled activation inside existing systems. This helps teams move faster without treating trust as an afterthought.

    Compliance

    Where we are, and where we're going

    We believe transparency about our compliance posture is more useful than empty badge displays.

    Current Posture

    • Pseudonymised inputs by default — no PII processed
    • GDPR-aligned data handling principles built into product architecture
    • Data Processing Agreement (DPA) available on request
    • Internal security policies reviewed quarterly
    • Responsible disclosure policy in place

    On Our Roadmap

    • SOC 2 Type II — currently scoping
    • ISO 27001 alignment assessment
    • Pen testing by third-party vendor (planned Q3 2026)
    • Formal subprocessor register

    We will update this section as milestones are reached. Last reviewed: April 2026.

    Start with a Discovery Call

    Test signal quality and operational fit in a controlled environment before broader deployment. Use practical inputs, validate real outcomes, and expand with confidence.

    Related Pages

    PlatformProductsMethodologyBook a Discovery Call

    Cookies and Privacy

    HumanGraph may use cookies or similar technologies to support core website functionality and understand site usage. Essential cookies are always active and cannot be disabled.

    Optional cookies (analytics and marketing) will only be activated with your explicit consent. You can change or withdraw your consent at any time.

    Learn more in our Privacy and Cookies pages.

    Essential

    Required for the website to function.

    By clicking "Save Preferences" or "Accept All", you consent to the use of optional cookies as described in our Privacy and Cookies pages.