Question 1

Which legal entity contracts with my company?

Accepted Answer

Customers in the EU, EEA, and UK contract with IMPOSTERHUNTER S.R.L. (Romania, CUI 54468885, Trade Registry J2026024097006, EUID ROONRC.J2026024097006). Customers in MENA, GCC, and the rest of the world contract with Imposter Hunter Solutions (Dubai, UAE, Trader License #1540371 issued by the Department of Economy and Tourism).

Question 2

What is your compliance roadmap?

Accepted Answer

SOC 2 Type II is in progress with a Q4 2026 target. ISO 27001 is planned for 2027. HIPAA-ready architecture, EU AI Act Article 25 alignment, and GDPR/CCPA controls are active today.

Question 3

Who are your subprocessors?

Accepted Answer

AWS Bedrock for compute and inference (US-East and EU-Central). Google Analytics 4 for aggregated, consent-gated, IP-anonymized traffic measurement (EU Google Ireland, with SCCs for US transfer). Calendly for the consent-gated demo-call scheduling widget (US, with SCCs).

Question 4

Can I pin my data to a specific region?

Accepted Answer

Yes. Region pinning to US or EU is part of the multi-tenant provisioning model. There is no cross-region replication without explicit opt-in.

Question 5

How does the API behave on errors?

Accepted Answer

Fail-closed by design. On any error, the API returns an error, never a false PASS. Real signals only. Your application decides how to handle the open case so you stay in control of the policy.

Question 6

How are CI/CD credentials managed?

Accepted Answer

OIDC-only. No static AWS keys exist anywhere in the deploy pipeline. Credentials are short-lived, rotated per workflow, and scoped to the specific deploy.

Question 7

How do I report a security issue?

Accepted Answer

Email security@imposterhunter.com. Coordinated disclosure is welcome.

Framework	Status	Target	Auditor
SOC 2 Type II	In progress	Q4 2026	Under selection
ISO 27001	Planned	2027	Pending
HIPAA-ready architecture	Active	Pending	Pending
EU AI Act Art. 25 alignment	Active	Pending	Pending
GDPR · CCPA	Active	Pending	Pending

Vendor	Purpose	Region
AWS · Bedrock	Compute & inference	US-East / EU-Central
Google Analytics 4	Aggregated traffic measurement (consent-gated, IP anonymized)	EU (Google Ireland) → US (SCCs)
Calendly	Demo-call scheduling widget (consent-gated)	US (SCCs)

Designed for easy adoption.

Two operating entities.

IMPOSTERHUNTER S.R.L.

Imposter Hunter Solutions

Where we are. Where we're going.

Who we run on.

US or EU. By design.

Errors return errors.

OIDC-only CI/CD.

Stop deception before it reaches you.