Your evidence. Your infrastructure. Your rules.

RADAR is architected for zero-trust environments. No cloud, no phone-home, no vendor access to your data. The security model is the product.

01

Self-hosted by design

RADAR runs entirely within your network. There is no cloud component, no phone-home, no license server, and no external API dependency. Your evidence never leaves your infrastructure, because there is no external service for it to be sent to.

02

Encrypted at rest and in transit

All evidence is encrypted at rest with Fernet (AES-128-CBC + HMAC-SHA256). Keys are managed within your infrastructure; RADAR never has access to them. TLS 1.3 is planned for a future release. Today, dashboard access is over unencrypted HTTP within your private network.

03

Tamper-proof chain of custody

Every evidence record is hashed with SHA-256 and linked into a Merkle chain. Tampering with any record breaks the chain — immediately detectable by your auditor. The chain lives in your infrastructure, not in a vendor database.
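An added example, not RADAR's own code or record format: a minimal SHA-256 hash chain showing how an auditor re-derives each link and finds the first altered record. The record fields, the all-zero genesis value, the function names and the idea of an auditor holding the head hash separately are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value preceding the first record

# Constructed sample evidence records (not real RADAR data).
SAMPLE = [
    {"id": 1, "actor": "alice", "action": "collect", "sha256_of_file": "aa" * 32},
    {"id": 2, "actor": "bob", "action": "review", "sha256_of_file": "bb" * 32},
    {"id": 3, "actor": "alice", "action": "export", "sha256_of_file": "cc" * 32},
]


def record_digest(prev_hash, record):
    """SHA-256 over the previous link hash plus a canonical JSON encoding."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(bytes.fromhex(prev_hash) + body).hexdigest()


def append(chain, record):
    """Link a new record to the current head of the chain."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": record, "prev": prev_hash,
                  "hash": record_digest(prev_hash, record)})


def verify(chain, expected_head=None):
    """Return None if intact, else the index of the first bad link.

    Returns len(chain) when every link is internally consistent but the
    final hash differs from a head hash the auditor recorded earlier
    (the chain was rebuilt or truncated).
    """
    prev_hash = GENESIS
    for i, link in enumerate(chain):
        recomputed = record_digest(prev_hash, link["record"])
        if link["prev"] != prev_hash or link["hash"] != recomputed:
            return i
        prev_hash = link["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(chain)
    return None


def build_sample():
    chain = []
    for rec in SAMPLE:
        append(chain, dict(rec))
    return chain
```

Recomputing the links catches an in-place edit, but a chain that has been rebuilt from scratch or cut short still verifies internally; only comparison against a head hash kept outside the system being audited exposes that.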

04

Access control and audit

Role-based access control with enterprise SSO support (OIDC, SAML — license-gated). Every action is logged with timestamp, actor identity, and affected resources. Audit logs are part of the evidence chain.

05

Air-gap capable

RADAR deploys as a single Docker container with zero external connectivity requirements. It operates in environments with no outbound internet access. Updates are applied by pulling a new container image — no remote repositories, no external dependencies.

Questions about our security model?

We are happy to walk through the architecture in detail. No NDAs required.