Security & Compliance

Last updated: January 15, 2025

At datathreads, security is not an afterthought—it is the foundation of our "Glass Box" architecture. We are committed to protecting your data with enterprise-grade standards, rigorous compliance, and transparent governance controls.

1 Compliance & Certifications

SOC 2 Type II

datathreads is currently in the observation period for SOC 2 Type II compliance. We adhere to the AICPA's Trust Services Criteria for Security, Availability, and Confidentiality.

GDPR & CCPA

We are fully compliant with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Users have full control over their data rights, including the "right to be forgotten."

2 Infrastructure Security

Our platform runs on top-tier cloud providers (AWS/GCP) with industry-best physical security controls.

  • Data Isolation: Customer data is logically separated in multi-tenant environments. Enterprise plans offer dedicated VPC peering options.
  • Encryption at Rest: All data stores are encrypted using AES-256.
  • Encryption in Transit: All communications between your browser, our API, and the database are encrypted via TLS 1.3.

3 AI Governance & The "Glass Box"

We understand the risks of "black box" AI. Our architecture ensures you maintain control over your reasoning engines.

Audit Logs: Every decision made by an AI agent creates an immutable audit trail accessible via our dashboard.

Zero Retention (Optional): For sensitive workflows, we offer "Zero Retention" mode where your inputs are processed by the LLM but never stored on our servers or the model provider's servers for training.

PII Redaction: Our reasoning engine automatically detects and redacts Personally Identifiable Information (PII) before it is sent to any inference model.

4 Access Control

Authentication

We support Single Sign-On (SSO) via SAML 2.0 and OIDC for Enterprise plans (Okta, Azure AD, Google Workspace). Multi-Factor Authentication (MFA) is enforceable for all accounts.

Internal Access

We practice the Principle of Least Privilege. datathreads employees do not have access to customer data unless explicitly granted for support purposes via a time-bound, logged access request.

5 Vulnerability Management

We perform regular automated scans and third-party penetration testing of our application and infrastructure.

  • Static Analysis: Code is scanned for vulnerabilities (SAST) before every deployment.
  • Dependency Monitoring: We continuously monitor our software supply chain for CVEs in third-party libraries.

Report a Vulnerability

We value the contributions of the security research community. If you believe you have found a security vulnerability in datathreads, please report it to us immediately.

security@datathreads.ai