Security and Compliance Documentation

Six Sense Solutions maintains transparency about our security posture, compliance alignment, and architecture so enterprise and government buyers can evaluate us without waiting for a sales call.

How we handle your data

Zero Credential Storage

Generated credentials exist only in memory during the API call and in the HTTP response returned to you. We never write, store, cache, or retain any generated credential. Ever.

No Password Logging

CloudWatch logs record request metadata only: timestamp, key ID prefix, length requested, compliance profile, and response time. Generated passwords never appear in any log.

Cryptographic Generation Only

Every credential is generated using Node.js crypto.randomInt() exclusively. Math.random() does not exist anywhere in our codebase. The source is auditable.

Encrypted at Rest

All persistent data including API keys and usage counters is stored in AWS DynamoDB with server-side encryption enabled using AWS managed keys.

Compliance framework alignment

Six Sense Solutions is actively pursuing formal certifications. The statuses below reflect current architectural alignment and progress, not completed certification.

Framework | Status | Details | Documentation
NIST 800-63B | Aligned | Minimum length enforcement, character requirements, ambiguous character exclusion, entropy documentation per response | Available in API response metadata
SOC2 Type II | In Progress | Password controls, audit logging, encryption at rest, access controls implemented | Report pending
NIST SSDF | Aligned | Shift-left security practices, secure by design architecture, no Math.random() in codebase | Available on request
CMMC Level 1 | Alignment in Progress | Access control, identification and authentication practices are being aligned | Assessment pending
FedRAMP | Roadmap | AWS GovCloud deployment option on product roadmap | Timeline available on request

Infrastructure and architecture

Cloud Provider

AWS us-east-1, with GovCloud deployment on roadmap

Compute

AWS Lambda with reserved concurrency cap and dead letter queue

Database

AWS DynamoDB with point-in-time recovery and encryption at rest

API Gateway

AWS API Gateway HTTP API v2 with custom domain and wildcard SSL

Logging

AWS CloudWatch with 30-day retention, no credential data ever logged

Infrastructure as Code

All resources managed with Terraform, auditable state in S3

K-anonymity breach detection

The /v1/breach-check endpoint checks credentials against the HaveIBeenPwned database of 850 million known breached passwords. The implementation uses k-anonymity: only the first 5 characters of the SHA-1 hash are sent to the external API. The plaintext credential and full hash never leave the Six Sense Lambda environment. This design means Six Sense Solutions never sees your credentials even during breach checking.

Security inquiries

For security assessments, compliance documentation requests, or government procurement inquiries, contact us directly. We respond to all security and procurement inquiries within one business day.

Email: hello@sixsensesolutions.net