HiBFF home

Trust Center

Built for trust. Verified, transparent, audit-ready.

All systems operational

HiBFF is used by parents, teens, schools, and corporate wellbeing teams. We treat that responsibility seriously. Everything below — uptime, privacy, security, accessibility, compliance — is verifiable by you, today, without needing to email anyone.

Live status

Real-time uptime, component-by-component, last 90 days of incidents.

Open status page

Security policy

Responsible-disclosure policy, scope, safe-harbour, hall of fame.

Read policy

Privacy policy

What we collect, why, who we share with, and your rights under GDPR/CCPA/COPPA.

Read privacy

Terms of Service

The agreement that governs your use of HiBFF, including B2B licensing.

Read terms

Accessibility

WCAG 2.1 AA · UK Public Sector Bodies Regulations · EAA. Reporting workflow.

Statement

Subprocessors

The full list of vendors that process HiBFF data (Postmark, Twilio, Atlas, etc).

View list

Service-level commitment

Our 99.9 % uptime target, last 12 months actuals, compensation policy.

View SLA

Teen Charter

The promises we make directly to the teens who use AvA.

Read charter

security.txt

RFC 9116 — discoverable security contact for scanners and researchers.

View security.txt

Postmortems

Public RFC-style write-ups of any service incidents we've had.

View postmortems

Contact us

Procurement, security, partnerships, press — all routed to a real human.

Get in touch

Compliance & certifications

UK GDPRActive

Data Protection Act 2018, ICO-registered.

EU GDPRActive

EU Representative arrangement; lawful basis documented per processing activity.

COPPAActive

Parent consent, age-gated AvA personality, US-specific data minimisation.

WCAG 2.1 Level AAActive

Tested with NVDA, VoiceOver, axe DevTools, manual keyboard pass.

CCPA / CPRAActive

California consumer rights honoured globally; do-not-sell respected.

Secure-by-defaultActive

HTTPS everywhere, JWT auth, rate-limited APIs, MongoDB Atlas at-rest encryption.

SOC 2 Type IIRoadmap

Evidence collection in progress (audit logs, change management, vendor reviews).

ISO 27001Roadmap

Mapping 27002 controls; targeting 2026 certification.

IMDA / PDPA SingaporeRoadmap

Onboarding kit drafted for Singapore B2B partners.

Your data, your control

Already a HiBFF user? Download every byte we hold on you, or trigger the full erasure workflow — both right from your account settings, no email tickets required.

Open settings

Embed our live status

Drop the live status badge into your pitch deck, partner page, or README. It's a 200-byte SVG that updates automatically and links straight to the full status page.

HiBFF live status badge
<a href="https://hibff.com/status">
  <img src="https://hibff.com/api/status/badge.svg" alt="HiBFF status" />
</a>

Procurement, security, or compliance question?

We answer enterprise security questionnaires within 5 business days. Bug reports get a response within 2.

security@hibff.com business@hibff.com

HiBFF uses essential cookies only — to keep you logged in and remember your preferences. We do not use advertising or tracking cookies. Privacy Policy