🔒 SOC 2 Type II

Independently audited annually by a Big 4 firm. Report available under NDA.

🏥 HIPAA

BAA available for healthcare workloads on dedicated clusters.

🇪🇺 GDPR

Full compliance with EU data protection regulations and data residency.

🛡️ ISO 27001

Certified information security management system.

Security-first architecture

🔐 Encryption

All data is encrypted in transit and at rest using industry-standard algorithms.

  • TLS 1.3 for all API communications
  • AES-256 encryption for data at rest
  • Hardware Security Modules (HSMs) for key management
  • Certificate pinning for critical services

🏗️ Infrastructure Security

Zero-trust architecture with defense-in-depth across all layers.

  • Zero-trust network architecture
  • Micro-segmentation between services
  • Immutable infrastructure with automated patching
  • DDoS protection and WAF at the edge

👤 Access Control

Strict access controls ensure only authorized personnel can access systems.

  • Role-based access control (RBAC)
  • Multi-factor authentication required for all employees
  • Just-in-time access provisioning
  • Comprehensive audit logging

🔍 Monitoring & Response

24/7 security monitoring with rapid incident response capabilities.

  • 24/7 Security Operations Center (SOC)
  • Real-time threat detection and alerting
  • Automated incident response playbooks
  • Regular penetration testing by third parties

Your data, your control

🚫 Zero Data Retention

API inputs and outputs are processed in memory and immediately discarded. We never store your prompts or model responses.

🧠 No Training on Your Data

We never use customer data to train, fine-tune, or improve models. Your data is exclusively yours.

🌍 Data Residency

Choose where your data is processed. EU, US, and APAC data residency options available for Enterprise customers.

🔑 Customer-Managed Keys

Enterprise customers can use their own encryption keys (BYOK) for additional control over data encryption.

🏠 VPC Peering

Connect your VPC directly to InferGrove's infrastructure. Traffic never traverses the public internet.

📋 Audit Logs

Complete audit trail of all API access, configuration changes, and administrative actions. Export to your SIEM.

Security in depth

A comprehensive overview of our security controls across every layer of the stack.

🔐 Application Security

Secure development lifecycle with automated security testing at every stage.

  • Secure SDLC with mandatory code review
  • Static analysis (SAST) on every commit
  • Dynamic application security testing (DAST)
  • Dependency scanning and SCA
  • Container image scanning
  • Regular third-party penetration testing

🌐 Network Security

Multi-layered network defenses protect against external and internal threats.

  • Web Application Firewall (WAF)
  • DDoS protection at network edge
  • Network segmentation and micro-segmentation
  • Intrusion detection and prevention (IDS/IPS)
  • Private connectivity options (VPC peering)
  • DNS security with DNSSEC

👥 People Security

Security starts with our people. Rigorous controls ensure trusted access.

  • Background checks for all employees
  • Mandatory security awareness training
  • Phishing simulation exercises
  • Principle of least privilege access
  • Quarterly access reviews
  • Secure offboarding procedures

🔄 Business Continuity

Resilient architecture ensures service availability even during incidents.

  • Multi-region active-active deployment
  • Automated failover (< 30 second RTO)
  • Regular disaster recovery testing
  • Incident response plan with defined SLAs
  • Status page with real-time updates
  • Post-incident reviews and public reports

Responsible disclosure

We maintain a bug bounty program and welcome responsible security research.

Report a Vulnerability

If you discover a security vulnerability, please report it responsibly. We offer bounties up to $25,000 for critical findings.

  • Email: security@infergrove.com
  • PGP key available on our security page
  • Response within 24 hours guaranteed
  • Safe harbor for good-faith researchers
  • Bounties: $500–$25,000 based on severity

Compliance certifications

We maintain a comprehensive compliance program with regular audits and certifications.

March 2026

ISO 27001 Certification

Achieved ISO 27001 certification for our information security management system. Audited by BSI.

January 2026

HIPAA Compliance

Completed HIPAA compliance program. BAA available for healthcare customers on dedicated clusters.

September 2025

SOC 2 Type II

Completed SOC 2 Type II audit covering security, availability, and confidentiality. Audited by Deloitte.

June 2025

GDPR Compliance

Implemented full GDPR compliance including DPA, SCCs, and EU data residency options.

March 2025

SOC 2 Type I

Achieved SOC 2 Type I certification. Established security controls and policies.

Need our SOC 2 report?

Contact our security team to request compliance documentation, including our SOC 2 Type II report, penetration test results, and security questionnaire responses.