Company / Security & trust
Security & trust.
Infrastructure posture, data handling, and compliance across The Horizon Hub, Skylink, Kodex, and Bao. Four products, four regulatory profiles.
Infrastructure
Skylink Tier III+ at the core.
Self-hosted products run on Skylink Tier III+ facilities in Florida. Carrier-neutral: AWS, Azure, GCP. Skylink sets the baseline.
Tier III+
Uptime classification
HIPAA
Healthcare workloads
200 mph
Wind rating · facilities
24/7
Monitored security
By product
Each product, its own posture.
Four products, four profiles.
| The Horizon Hub | Mosaic processes on Global Payments rails. ACH at 1.00% + $0.25. Payment data is tokenized and PCI-handled at the processor. Event data is held in the Horizon Cloud environment. |
|---|---|
| Skylink Data Centers | Tier III+ classification. HIPAA compliant. Regulation-compliant data centre. 200 mph wind-rated structures. 4-hour fire rating. FM 200 chemical fire suppression. 24/7 monitored, anonymously designed. Staffed by certified IT administrators and engineers. |
| Kodex | Connects to player platform accounts via OAuth. Library metadata only. No payment data held; transactions remain on the player's source platform. |
| Bao | Read-only by default. Connects to GitHub, Vercel, Supabase, Sentry, and AWS via OAuth or read-only API tokens. Bao reads metadata and configuration; source code stays in your repositories. Auto-fix proposals are opt-in and shipped as PRs you approve. |
Data handling in Hong Kong
PDPO-aligned, with regional residency on the roadmap.
HK customer relationships operate under the Hong Kong PDPO. Regional data residency is on the Skylink APAC roadmap. Until then, hosted product data may be stored in Florida under the existing Skylink posture.
| PDPO | Hong Kong Personal Data (Privacy) Ordinance — customer data handling |
|---|---|
| Residency | Florida (today) · Hong Kong (APAC roadmap, 2027+) |
| Encryption | In transit and at rest, by product |
| Access | Least-privilege by role; audit logs available to enterprise customers |
Security or compliance question?
For DPA requests, security questionnaires, and audit support across the portfolio, reach the team directly.