Security

Infrastructure Security

Cloud Infrastructure

• Hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification
• Distributed across multiple availability zones for high availability
• Regular security assessments and penetration testing
• DDoS protection and Web Application Firewall (WAF)
• Network segmentation and private subnets for sensitive components

GPU Infrastructure

• Training workloads run on isolated GPU instances
• Memory cleared between training jobs
• No data persistence on GPU nodes after job completion
• Secure model weight transfer with encryption

Data Protection

Encryption

Data Isolation

• Complete separation between customer data
• Row-level security in database
• Isolated storage buckets per organization
• No cross-tenant data access possible

Data Handling

• Your training data is never used to train our systems
• Your data is never shared with other customers
• Automatic deletion of training data after 90 days (configurable)
• Right to deletion - request complete data removal at any time

Access Control

Authentication

• Secure password requirements with strength validation
• JWT-based session management with secure token rotation
• API key authentication for programmatic access
• Session timeout and automatic logout
• Brute force protection with rate limiting

Authorization

• Role-based access control (RBAC)
• Organization-level permissions
• Principle of least privilege
• Audit logging for all access

Internal Access

• Strict access controls for ANRAK employees
• Access only on need-to-know basis
• All access logged and monitored
• Regular access reviews
• Background checks for all employees

Operational Security

Monitoring & Logging

• 24/7 infrastructure monitoring
• Real-time alerting for security events
• Comprehensive audit logs retained for 12 months
• Anomaly detection for unusual patterns
• Automated security scanning

Incident Response

• Documented incident response procedures
• Dedicated security response team
• Incident notification within 72 hours of discovery
• Post-incident analysis and improvements

Business Continuity

• Regular automated backups
• Disaster recovery procedures
• Multi-region data replication
• 99.9% uptime SLA for enterprise customers

Development Security

• Secure software development lifecycle (SSDLC)
• Code review requirements for all changes
• Automated security testing in CI/CD pipeline
• Dependency vulnerability scanning
• Regular security training for developers
• No production access from development environments

Compliance

We implement controls aligned with major compliance frameworks:

AI-Specific Security

• Model weights encrypted at rest and in transit
• Trained models isolated per customer
• No training data leakage between customers
• Secure model deployment with access controls
• Rate limiting on inference endpoints
• Monitoring for model misuse

Security Best Practices for Customers

We recommend the following practices:

• Use strong, unique passwords for your account
• Keep API keys secure and rotate them regularly
• Limit API key permissions to only what's needed
• Review access logs regularly
• Report any security concerns promptly
• Keep your contact information up to date for security notifications

Vulnerability Disclosure

We appreciate the security research community's efforts in helping keep our platform secure. If you discover a security vulnerability, please report it responsibly:

Contact Us

For security-related questions or concerns: