← Back to Home

Security & Compliance

Last updated: September 15, 2025

IngestScale supports private, in‑database document‑AI pipelines with deployment options that keep data within your trust boundary. Our approach emphasizes verifiable controls and artifacts—so Privacy you can verify is operational, not just a claim.

Deployments

  • On‑prem / VPC: Run entirely within your environment with your identity, network, and observability stack.
  • Managed service: Private network links and logical isolation; no customer data used to train foundation models.
  • Data flow diagrams: Provided during onboarding, covering ingestion, processing, storage, and egress paths.

Controls

  • RBAC with least‑privilege service accounts and segmented duties.
  • Network isolation, VPC/VNet peering, and optional private service endpoints.
  • Encryption in transit (TLS 1.2+) and at rest; customer‑managed keys where supported.
  • Audit logging for access, configuration changes, dataset lineage, and inference events.
  • Single Sign‑On (SAML/OIDC) and optional SCIM for user lifecycle.
  • Secrets management via your KMS/secret store; rotation policies documented.

Compliance Posture

We align our controls to SOC 2 and ISO 27001 frameworks and support customer due‑diligence reviews. Formal certification status and reports are available under NDA upon request.

  • DPIA support and data protection addenda for regulated workloads.
  • Data residency: private deployments remain in‑region per your cloud/account constraints.

Verification Artifacts

To enable independent verification, customers receive:

  • Pipeline run logs, request/response IDs, and sampling harness outputs (field‑level F1 where applicable).
  • Data lineage traces across ingestion, parsing, extraction, and validation steps.
  • Access and configuration audit logs suitable for SIEM ingestion.
  • Model constraints: schema enforcement, regex/format checks, groundedness scores vs source text.

See also our Methods section for benchmark methodology and measurement details.

Vulnerability & Incident Management

  • Routine dependency and base image patching; SBOM available upon request.
  • Secure SDLC with code review, dependency scanning, and container image scanning.
  • Incident response with severity classification and customer notification per contract.

Contact

Questions or requests (e.g., security questionnaire, DPA)? Use our contact form.