Your evidence. Your infrastructure. Your rules.
RADAR is architected for zero-trust environments. No cloud, no phone-home, no vendor access to your data. The security model is the product.
01
Self-hosted by design
RADAR runs entirely within your network. There is no cloud component, no phone-home, no license server, and no external API dependency. Your evidence never leaves your infrastructure — because there is nowhere for it to go.
02
Encrypted at rest and in transit
All evidence is encrypted with Fernet (AES-128-CBC + HMAC-SHA256) at rest. Keys are managed within your infrastructure — RADAR never has access to them. TLS 1.3 is planned for a future release. Today, dashboard access is over HTTP within your private network.
03
Tamper-proof chain of custody
Every evidence record is hashed with SHA-256 and linked into a Merkle chain. Tampering with any record breaks the chain — immediately detectable by your auditor. The chain lives in your infrastructure, not in a vendor database.
04
Access control and audit
Role-based access control with enterprise SSO support (OIDC, SAML — license-gated). Every action is logged with timestamp, actor identity, and affected resources. Audit logs are part of the evidence chain.
05
Air-gap capable
RADAR deploys as a single Docker container with zero external connectivity requirements. It operates in environments with no outbound internet access. Updates are applied by pulling a new container image — no remote repositories, no external dependencies.
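The chain-of-custody check in item 03, as an added example (not RADAR's code or record format, which this page does not specify): records are linked with SHA-256 and verified the way an auditor would. It also compares the chain head against a hash recorded out of band, because a chain that is fully recomputed after an edit is still internally consistent. The field names, genesis value and sample records are assumptions made for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for the first link


def record_hash(prev_hash: str, payload: dict) -> str:
    """SHA-256 over the previous link's hash plus a canonical JSON payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def build_chain(payloads):
    """Link payloads in order; each entry stores prev_hash and its own hash."""
    chain, prev = [], GENESIS
    for payload in payloads:
        digest = record_hash(prev, payload)
        chain.append({"payload": payload, "prev_hash": prev, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain, trusted_head=None):
    """Return (ok, where): where is the index of the first bad record,
    "head" if the chain is self-consistent but does not end at trusted_head,
    or None when everything checks out.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != prev:
            return False, i  # link broken: record removed, inserted or reordered
        if record_hash(prev, entry["payload"]) != entry["hash"]:
            return False, i  # payload edited after it was hashed
        prev = entry["hash"]
    if trusted_head is not None and prev != trusted_head:
        return False, "head"  # rewritten or truncated chain
    return True, None


# Constructed sample records, not real RADAR data.
SAMPLE = [
    {"id": 1, "actor": "alice", "action": "upload", "file_sha256": "aa11"},
    {"id": 2, "actor": "bob", "action": "review", "file_sha256": "bb22"},
    {"id": 3, "actor": "alice", "action": "approve", "file_sha256": "cc33"},
]
```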
Questions about our security model?
We are happy to walk through the architecture in detail. No NDAs required.