Security at MLPipeline Cloud

We take security seriously. Here's how we protect your data and infrastructure.

Compliance

• SOC 2 Type II — in progress (audit Q3 2026)
• GDPR compliant — Data Processing Addendum available for Enterprise
• Annual penetration testing by third-party vendors

Data protection

• Encryption at rest (AES-256) for all customer data
• Encryption in transit (TLS 1.3 minimum)
• Passwords hashed with bcrypt (cost factor 12)
• Regular automated backups with 30-day retention

Infrastructure

• Hosted in SOC 2-certified data centers
• Isolated VPC with private networking
• WAF and DDoS protection at edge
• Regular security patching and dependency updates

Responsible disclosure

If you discover a security vulnerability, please email security@mlpipeline-cloud.com. We'll respond within 48 hours and work with you on a coordinated disclosure timeline.

See also our security.txt.