We see what matters.
We touch nothing.
sEyeber Hub is a read-only observer — a private eye quietly working in the background of your Microsoft environment, finding what you need to know and handing you the proof. We never change a setting, open an email, or write a single line back into your tenant.
What every executive is really thinking
Two questions no one says out loud — but everyone asks.
I don't want to be the one who let the wrong tool into our environment.
If something goes wrong — what's my way out? Where is the parachute cord?
We built sEyeber Hub to answer both of those questions before you ever have to ask them. Read-only by design. Encrypted before it leaves Microsoft. Disconnect with one click — no call, no ticket, no waiting. The parachute cord is right there, and you hold it.
Six reasons sEyeber Hub does not introduce new risk to your environment.
These are not aspirations or future roadmap items. They are the foundation the product was built on from day one.
sEyeber Hub is read-only — always. No email content, no file contents, no write access, no ability to send, change, or delete anything in your Microsoft environment. We observe security posture. We do not operate inside it.
Access requires your existing Microsoft identity. There is no sEyeber Hub username or password — none. Multi-factor authentication via Microsoft Authenticator is required for every sign-in. We hold zero credentials of any kind.
Your scan data lives in your own private, encrypted vault. It powers your reports and your reports only. It does not leave your organizational boundary, it is not pooled with other firms, and it is never used for any purpose outside of delivering your service.
Everything we read is encrypted in transit using TLS. When it arrives, it is encrypted at rest using AES-256. The encryption keys are held separately in Microsoft Azure Key Vault — a Microsoft-managed service. A breach of our systems alone reveals nothing readable.
You can remove sEyeber Hub's access anytime, in two ways — from Settings inside sEyeber Hub, or directly inside your own Microsoft admin center without involving us at all. No call to make. No ticket to open. No dependency on sEyeber Hub to take it back.
Verified Microsoft Publisher. Microsoft Partner Network (ID 7130908). SOC 2 in progress (expected Q1 2027). Built entirely on Microsoft Azure. Our security posture is independently audited — not just stated by us.
What sEyeber Hub explicitly does NOT do — ever
Identity & Access
No sEyeber Hub password exists to steal.
We made a deliberate decision early in our design: sEyeber Hub would never create its own credential system. No username. No password. No secret that lives outside Microsoft's own identity infrastructure.
Every person who accesses sEyeber Hub signs in through Microsoft Entra — the same identity your organization already manages and controls. Multi-factor authentication through Microsoft Authenticator is required, not optional.
The result: if sEyeber Hub were ever targeted by an attacker, there are no credentials stored with us that could be used to access your Microsoft environment. The keys were never ours to lose.
sEyeber Hub wasn't designed around a vendor's opinion of cybersecurity.
It was built on the same frameworks your regulators and examiners use to evaluate your firm. When they ask what standard you used — your answer is already their answer.
The exam checklist FINRA uses to evaluate broker-dealer cybersecurity programs. Built into our product structure from the start.
The federal standard for protecting customer financial records. sEyeber Hub is designed to help you document and demonstrate compliance — and we follow it ourselves.
The national framework for cybersecurity risk management. Your sEyeber Hub report maps directly to NIST CSF 2.0 categories so your findings speak the language regulators already use.
AI access to your data is now an exam topic. sEyeber Hub was designed to the NIST AI RMF — the standard for governing AI risk responsibly.
Three moments every RIA and broker-dealer executive dreads
The call you're never ready for — until you are.
Scenario 1: The examiner asks for your Incident Reporting program.
It's 9:07 a.m. at a regional broker-dealer. The FINRA examiner is in the conference room and she's asking for the Incident Reporting program. Not a summary. The program.
The CCO opens her laptop and pulls up sEyeber Hub. The report is there — current as of last night, timestamped, organized against the FINRA Cybersecurity Checklist. She walks in with it in under four minutes. Built before they arrived.
Scenario 2: The board asks "Are we protected?"
Three weeks later. Board meeting. Slide 14. A director leans forward: "Are we actually protected?"
The CTO doesn't hedge. She opens the same dashboard. Secure Score trending up. No critical gaps. Third-party access logged and read-only. "Yes. Here's the evidence."
Scenario 3: A client-data breach. Two clocks start immediately.
A vendor reports a breach. Client data may be involved. Two clocks start the moment it's confirmed.
The regulatory clock: under Reg S-P, if a service provider breach involves client data, your firm must notify affected clients within 30 days — and notify the service provider within 72 hours. The client trust clock starts the moment they find out.
The compliance director doesn't panic. She already knows exactly what data sEyeber Hub can see — and what it can't. The evidence is documented. The access log is there. The response is already half-written. "We were ready. We practiced for this."
Are you ready for these today?
sEyeber Hub doesn't protect you from every threat. It means you're never caught unprepared — by an examiner, a board, or a breach. Built exclusively for RIAs and broker-dealers who answer to examiners, boards, and clients — in that order.
We hold ourselves accountable to the same standards we help you meet.
sEyeber Hub's security posture is independently verified — not self-certified. Here is where we stand today and where we are going.
Ready to see what's in your environment — without adding to its risk?
Join the financial services firms getting a clear picture of their Microsoft security posture before their next exam. Read-only. Encrypted. In your hands.
Request Early Access Questions about our security model? Email security@seyeberhub.comQuestions about trust & security
What executives ask us most
For the full list, see the FAQ. For technical detail on each Microsoft permission we request, see How We Connect.
If sEyeber Hub were breached, could an attacker get into our Microsoft environment?
No. sEyeber Hub does not store your Microsoft credentials, passwords, or authentication tokens. Access to your environment is controlled by Microsoft Entra — which your organization manages directly. A breach of sEyeber Hub's systems would not give an attacker the ability to sign into your Microsoft tenant.
Can sEyeber Hub read our emails or access our files?
No. We did not request and do not hold email, file, or Teams chat permissions. This was a deliberate design decision — not a limitation. A cybersecurity posture assessment does not require reading your emails, and we believe requesting those permissions would be irresponsible. We scan your security configuration, not your content.
How do we revoke sEyeber Hub's access?
Two ways — either from Settings inside sEyeber Hub, or directly in your Microsoft admin center by removing the sEyeber Hub enterprise application. Both options work immediately, with no call to make and no dependency on us. You do not need our involvement to disconnect.
Does sEyeber Hub use AI, and does our data train any models?
sEyeber Hub uses AI to generate findings, narratives, and recommendations — scoped to your organization only. Your scan data is not used to train shared models, is not mixed with other firms' data, and stays within your organizational boundary. AI processing follows the NIST AI Risk Management Framework.