Cnalylabs LogoCnalylabs
Security

Security & Compliance

At Cnalylabs, security is foundational to our platform. We implement industry best practices to protect your data, models, and infrastructure.

Security Measures

Multiple layers of security protect your workloads and data at every level.

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. API keys and secrets are stored using industry-standard key management systems.

Isolated Compute Environments

Each customer workload runs in isolated containers with dedicated resources. No shared memory or storage between tenants ensures complete workload isolation.

Access Controls

Role-based access control (RBAC) with granular permissions. Multi-factor authentication (MFA) support and single sign-on (SSO) integration for enterprise accounts.

Audit Logging

Comprehensive audit logs for all API calls and system access. Retain logs for compliance and forensic analysis with configurable retention policies.

Secure Development

Security-first development practices including code reviews, automated security scanning, dependency monitoring, and regular penetration testing.

Incident Response

24/7 security monitoring with defined incident response procedures. Prompt notification of security events affecting customer data or services.

Compliance & Certifications

We maintain compliance with industry standards and regulations to meet enterprise requirements.

SOC 2 Type II

In Progress

We are actively working towards SOC 2 Type II certification, with completion expected in 2025.

GDPR

Compliant

Full compliance with EU General Data Protection Regulation requirements for data protection and privacy.

Data Processing Agreement

Available

Standard DPA available for enterprise customers requiring contractual data protection commitments.

UK Data Protection Act

Compliant

Adherence to UK data protection requirements as a company registered in England and Wales.

Data Protection

Data Residency

You control where your data is processed. We offer deployment options in multiple regions, allowing you to meet data residency requirements for your jurisdiction.

Data Retention

Model artifacts and inference data are retained only as long as necessary to provide the service. You can delete your data at any time through the API or dashboard.

Subprocessors

We maintain a list of subprocessors who may process customer data on our behalf. Enterprise customers are notified of any changes to our subprocessor list.

Security Questions?

For security inquiries, vulnerability reports, or to request our security documentation, please contact our security team.

Email: security@cnalylabs.com