Skip to main content

Trust & Security

Your code never leaves your control. Adapts is built from the ground up for enterprise data privacy, security, and compliance — because the systems we help you understand are the most sensitive assets you own.

Compliance

Certifications & standards

SOC 2 Type II

In Progress

Q2 2026

ISO 27001:2022

In Progress

Q2 2026

GDPR & CCPA

Supported

Via DPA

Security Architecture

Eight pillars of enterprise security

Customer-Managed Encryption

You control encryption keys. Full key management with AWS KMS and customer-managed CMKs.

Workflow-Oriented Metadata

Process metadata is strictly separated from customer data with distinct access controls and storage boundaries.

No-Touch Deployments

CI/CD automation eliminates manual production access. Zero human touch on production systems.

Access Transparency

Immutable audit logs for every data interaction. Who accessed what, when, and why.

Data Classification & Segregation

Strict policies separate customer and operational data with distinct access controls.

Multi-Tenant Isolation

Unique encryption boundaries per tenant. Complete isolation ensures no cross-tenant data leakage.

In-Memory Processing

Code is processed in memory and never persisted beyond the analysis window. Zero code retention.

Compliance & Governance

Multi-framework alignment with industry standards. Continuous compliance monitoring and policy enforcement.

Core Principles

Privacy by design

No Data Collection

Customer data is only processed within the customer-controlled environment and is never transferred for training or analytics. Your code stays yours.

Secure by Default

All data encrypted at rest using AWS KMS and in transit using TLS 1.2+. Short-lived credentials via AWS STS ensure minimal exposure windows.

Transparency & Auditability

Immutable, cryptographically signed logs retained per compliance needs. Customer-visible access records provide full accountability.

Data Retention & Deletion

  • Self-service project and tenant deletion
  • Inactive artifacts purged after 30 days
  • Encrypted backups retained 30 days, then securely shredded
  • Deletion requests processed within 30 days

Incident Response

  • 24/7 on-call rotation for security incidents
  • <30-minute incident acknowledgment SLA
  • Root cause analysis and notification within 72 hours
  • Public postmortems for security events

You're in control

Access & Audit

Real-time audit logs, customer-visible access records, role-based access control (RBAC).

Data Sovereignty

Lock data to specific regions/AWS accounts (Enterprise), exclude data from model fine-tuning, request full data deletion within 30 days.

Documents

Security documentation

Available for download. For additional security documentation or a completed vendor security questionnaire, contact security@adapts.ai.

Data Processing Addendum (DPA)

Standard DPA for GDPR and CCPA compliance.

Download PDF →

Security Architecture Overview

Technical overview of our eight security pillars.

Download PDF →

Have a security question?

Our security team is available to discuss your requirements and answer any questions about our security posture.

Contact security@adapts.ai