Frequently Asked Questions
Does HISN slow down my browsing?
No. HISN only inspects traffic to AI services (ChatGPT, Claude, Gemini). Regular web browsing, email, and other apps are completely unaffected. The inspection adds less than 50ms of latency to AI requests.
Does HISN store my conversations?
No. Your message content is inspected in real-time and immediately discarded — it is never written to disk. Only a short redacted summary is kept for your audit dashboard, where any sensitive data is replaced (e.g. "I sent my card [REDACTED:credit_card] to..."). Your original messages and the actual sensitive values — card numbers, IDs, API keys — are never stored.
What data does HISN keep?
Only what you need for compliance and visibility: the detection type (e.g. "credit card"), the action taken (allowed, warned, or blocked), a timestamp, and a short redacted preview. The actual sensitive values are never persisted anywhere.
Can I bypass HISN?
HISN is designed to be transparent and non-bypassable when properly configured. The proxy is set at the system level, and the certificate is installed in your system's trust store. Tampering with these settings may violate your organization's security policy.
Which AI services are monitored?
By default: ChatGPT (chatgpt.com), Claude (claude.ai), and Gemini (gemini.google.com), plus their API endpoints. Your admin can add or remove services.
What happens when something is blocked?
You'll see a clear message in the AI chat window explaining:
- That your message was blocked by your organization's DLP policy
- What type of sensitive data was detected
- What action you should take (e.g., remove the sensitive data and try again)
Does HISN read my messages?
HISN scans messages in transit for patterns matching sensitive data types (credit cards, IDs, API keys, etc.). Your message content is processed in memory only and discarded immediately after inspection — it is never stored, analyzed further, or shared with anyone. Think of it like a security checkpoint — it checks for specific items, then lets everything else through.
How do I get help?
Contact your organization's IT administrator. They can view your blocked events in the admin console and adjust policies if needed.
