Security built in, not bolted on.
Every layer of the platform — at rest, in transit, on the player, and in the dashboard — is designed to keep your data under your control.
Six layers between your data and the outside world.
Security isn't a single feature. It's a set of architectural decisions made at every level of the stack — at rest, in transit, on the player, and inside the dashboard.
256-Bit AES Encryption
All content and user data encrypted at rest. TLS 1.3 for all data in transit. No unencrypted pathway exists anywhere in the platform.
- AES-256 at rest
- TLS 1.3 in transit
- Zero unencrypted pathways
Edge Caching & Offline Security
Content is downloaded and stored encrypted on the player before playback begins. Screens never depend on a live connection during display hours.
- Encrypted local storage
- Offline-first playback
- Silent re-sync on reconnect
Role-Based Access Control
Five permission levels — Owner, Admin, Manager, Editor, Viewer. Scope access per location. Every action is recorded in the audit log.
- 5 adjustable permission levels
- Per-location access scope
- Immutable audit trail
Data Sovereignty
Choose your data region during onboarding. UK data stays in the UK. EU data stays in Europe. Your data never moves without your authorisation.
- UK & EU regional options
- Region locked at account level
- Compliance-ready by default
99.9% Uptime SLA
Redundant infrastructure with automated failover and a multi-region CDN. A service-level agreement backs the uptime commitment — not just a marketing claim.
- Redundant infrastructure
- Automated failover
- Multi-region CDN delivery
Audit Logging
Every login, content change, permission update, and device action is recorded with a timestamp, user, IP address, and action type.
- Full searchable action history
- IP address & device tracking
- CSV & JSON export
Numbers your security team will ask for.
Every metric below is an architectural decision, not a marketing checkbox. These are the figures that matter when you are evaluating a platform for sensitive environments.
The standard trusted by governments, banks, and healthcare systems worldwide. Applied to all data at rest and in transit.
Backed by a formal service-level agreement, not just a target. Redundant infrastructure with automated failover.
Owner, Admin, Manager, Editor, Viewer — each scoped per location. No shared logins. Every action is individually attributable.
UK, EU, and other regional options. Your data region is set at account creation and never changes without your explicit instruction.
Documented answers.
You choose your data region during onboarding — UK, EU, and other regional options are available. Your data stays in your chosen region for the life of your account and never moves without your explicit instruction.
Yes. Audit logs are searchable within Control Tower and exportable as CSV or JSON. You can filter by user, action type, date range, or IP address. Logs are retained for 12 months.
Your data is retained for 30 days after cancellation, then permanently deleted from all systems. Expedited deletion is available on request. We provide a full data export before account closure.
Content is downloaded to the player and stored in encrypted local storage before playback begins. The screen never reads live data during display hours. If the network is lost, the player continues operating — and re-syncs silently when the connection returns.
We are working towards SOC 2 Type II. Our infrastructure runs on SOC 2 certified providers (including AWS and Cloudflare). Contact us for our current security documentation and compliance status.
Hangar supports SAML 2.0 for enterprise SSO. Your team logs in via your existing identity provider (Okta, Azure AD, Google Workspace, and others). User provisioning and deprovisioning flow through your IdP — no separate Hangar password required.