Platform Pricing Solutions People Docs Log in Request Demo
Trust & Security

Security at SpinDynamics

Enterprise-grade security is not an add-on. It is foundational to every layer of the SpinDynamics platform, from infrastructure to inference.

Security Practices

Built secure by default.

Our security posture is designed for organizations that handle sensitive data and operate in regulated environments.

Infrastructure Security

Our platform runs on hardened infrastructure within isolated virtual private clouds across multiple availability zones.

  • SOC 2 Type II compliant infrastructure
  • AWS and GCP multi-region deployment
  • Isolated VPCs with no shared tenancy
  • Regular third-party penetration testing
  • Immutable infrastructure with automated patching

Data Encryption

All data is encrypted at every stage of its lifecycle, with options for customer-managed keys.

  • AES-256 encryption at rest
  • TLS 1.3 for all data in transit
  • Customer-managed encryption keys (Enterprise)
  • Ephemeral compute with no persistent inference data
  • Encrypted backups with geo-redundancy

Access Controls

Fine-grained access management ensures only authorized users and systems interact with your resources.

  • Role-based access control (RBAC)
  • SSO and SAML 2.0 support
  • MFA enforced for all SpinDynamics employees
  • Comprehensive audit logs with 1-year retention
  • API key scoping and rotation policies

Network Security

Multiple layers of network defense protect the platform perimeter and internal communication channels.

  • DDoS protection at the edge
  • Web Application Firewall (WAF)
  • Private networking and VPC peering options
  • IP allowlisting for API access
  • Zero-trust internal service mesh

Model Security

Your models are your IP. We treat them accordingly with strict isolation and access guarantees.

  • Customer models stored in isolated environments
  • No cross-tenant access under any circumstances
  • Model weights are never logged or inspected
  • Secure model upload via signed URLs
  • Model artifact integrity verification (SHA-256)

Incident Response

Our dedicated security team operates around the clock with well-defined response and communication protocols.

  • 24/7 security operations team
  • <1 hour response for critical severity issues
  • Post-incident reports within 72 hours
  • Automated anomaly detection and alerting
  • Documented incident classification and escalation
Compliance

Standards we meet.

We maintain compliance with industry-recognized frameworks to provide assurance to our customers and their auditors.

SOC 2 Type II
Certified
GDPR
Compliant
CCPA
Compliant
HIPAA
Enterprise Plan
ISO 27001
In Progress
SOC 2 Type I
Certified
Vulnerability Disclosure

Responsible disclosure program.

We welcome security researchers to report vulnerabilities responsibly. We commit to working with you transparently and resolving issues promptly.

Reporting

Submit vulnerability reports to security@spindynamics.net. Include a detailed description, reproduction steps, and potential impact assessment. We use PGP-encrypted email for sensitive disclosures.

Our Commitment

We acknowledge receipt within 24 hours, provide an initial assessment within 72 hours, and will not pursue legal action against researchers who act in good faith. We recognize contributors in our security hall of fame.

Get in Touch

Need more details?

Our security team is available to discuss your specific requirements, provide compliance documentation, and answer technical questions.

Request Security Review View Documentation