Ship AI evaluations with enterprise-grade security and compliance

Security principles

These guardrails guide every product decision—from the free Community Edition CLI to dedicated EvalOps deployments.

• Data minimization & encryption

  Telemetry is encrypted in transit and at rest. We only process the data required to evaluate your models and provide field-level redaction controls for sensitive fields.

• Isolation by design

  EvalOps workspaces isolate traces, scorecards, and secrets per customer. Dedicated and Private Cloud engagements introduce separate data planes, customer-managed keys, and private networking.

• Governance as a feature

  Role-based access, retention policies, policy attestations, and audit-ready exports are built into the product—not bolted on during procurement.

Compliance & trust

We partner with customers to meet their regulatory obligations. Dedicated programs tailor controls to industry-specific requirements.

• ✦SOC 2 Type II: Underway with Big Four auditor. Controls align with AICPA trust service criteria across security, availability, and confidentiality.
• ✦HIPAA & GDPR: Business Associate Agreements and Data Processing Agreements available. Dedicated data planes and regional residency options support regulated workloads.
• ✦Customer-managed keys: Integrations with AWS KMS, Azure Key Vault, and HashiCorp Vault for customers requiring customer-supplied encryption keys.
• ✦Vulnerability management: Quarterly penetration tests, continuous dependency scanning, and a private bounty program keep the platform hardened.