Guides
  1. Organization

Security and Compliance

Datature Vi's security certifications, data protection practices, compliance programs, and infrastructure architecture.

Prepare Data
Train a Model
Deploy & Integrate
Manage Workspace

Datature Vi is built for teams that work with sensitive visual data. This page covers the certifications, infrastructure decisions, and operational practices that protect your data on the platform.

On this page

CertificationsData residencyEncryptionAccess controlsInfrastructureData handlingFAQ

Certifications

Certification
Status
Details
SOC 2 Type II
Certified
Annual audit covering security, availability, and confidentiality trust service criteria. Report available under NDA on request.
HIPAA
Compliant
Business Associate Agreements (BAAs) available for Enterprise plan customers handling protected health information (PHI).
GDPR
Compliant
Data Processing Agreements (DPAs) available. Data subject rights (access, erasure, portability) supported.

To request a copy of the SOC 2 report or to execute a BAA or DPA, contact [email protected].

Data residency

Datature Vi offers configurable data residency to meet geographic and regulatory requirements.

Multi-region (default): Data is distributed across multiple cloud regions for performance and availability. Datature selects the optimal region based on your location.

Single region: When you create a dataset, you can select a specific geographic region for storage. Data stays within that region for the dataset's lifetime. Available regions include US, EU, and Asia-Pacific locations. Choose single-region storage when data sovereignty or compliance policies (such as EU data residency rules) require data to stay within a specific jurisdiction.

On-premise and VPC deployment (Enterprise): Enterprise plan customers can deploy Datature Vi within their own VPC or on-premise infrastructure. Training and inference run inside your network boundary. Contact [email protected] for architecture details.

Encryption

Layer
Method
Data in transit
TLS 1.2+ for all API and web traffic. No unencrypted endpoints.
Data at rest
AES-256 encryption for all stored datasets, annotations, model weights, and metadata.
Secret keys
API secret keys are hashed before storage. Full key value is shown once at creation time and cannot be retrieved afterward.
Model weights
Trained model weights are encrypted at rest. Downloads are served over TLS.

Access controls

Datature Vi provides layered access controls at the organization and project levels.

Organization roles: Owner, Admin, and Member roles govern who can manage billing, invite users, and create resources. See Team Settings for role details.

Project-level roles: Each dataset and training project has its own Owner, Editor, and Viewer roles, so you can restrict who can modify annotations or training configurations. See Team Settings for per-project access patterns.

API secret keys: Keys are scoped to specific permissions (Dataset, Training, Deployment) and permission levels (Full, Read Only, Labeler Only, Restricted). Rotate keys on a regular schedule and use separate keys for development and production. See Secret Keys for best practices.

Governance templates: For an optional RACI-style checklist aligned to Datature Vi roles (labeling, export, keys, billing), see Roles and RACI checklist.

SSO and SAML: Available on the Enterprise plan. Integrate Datature Vi with your identity provider (Okta, Azure AD, Google Workspace, or any SAML 2.0 provider) for centralized authentication and automatic user provisioning. Contact [email protected] to configure SSO.

Infrastructure

Datature Vi runs on major cloud infrastructure with the following operational practices:

  • Compute isolation: Training runs execute in isolated containers. GPU resources allocated to your training run are not shared with other customers.
  • Network segmentation: Customer data, training infrastructure, and application services operate in separate network segments.
  • Backups: Datasets and model weights are backed up regularly. Backup retention and recovery SLAs are documented in your Enterprise agreement.
  • Monitoring: Infrastructure and application-level monitoring with alerting for availability, performance, and security events.

Data handling

Data ownership: You own your data. Datature does not use your images, annotations, or trained model weights for any purpose other than providing the service to you.

Data deletion: When you delete a dataset, all images, annotations, and associated metadata are permanently removed. Trained model weights remain until you delete them separately. On account termination, all data is deleted within 30 days.

Model portability: Trained models export in HuggingFace SafeTensors format, including full weights, LoRA adapters, and training configuration. You can take your models and leave at any time.

Subprocessors: Datature uses cloud infrastructure providers (AWS, GCP) for compute and storage, and NVIDIA for NIM container images. A full subprocessor list is available on request.

Frequently asked questions

Yes. The SOC 2 Type II report is available under NDA. Contact [email protected] to request a copy.

Yes. Business Associate Agreements are available for Enterprise plan customers. Contact [email protected] to execute a BAA before uploading any protected health information.

By default, data is stored in multi-region cloud infrastructure. When you create a dataset, you can select a specific single region (US, EU, or Asia-Pacific) if your compliance policies require geographic data residency. Enterprise customers can deploy entirely within their own VPC or on-premise.

Yes. SSO via SAML 2.0 is available on the Enterprise plan. Supported identity providers include Okta, Azure AD, Google Workspace, and any SAML 2.0-compliant provider. Contact [email protected] to configure SSO for your organization.

Enterprise plan customers have access to audit logs covering authentication events, resource creation and deletion, training run activity, and API key usage. Logs can be exported to your SIEM. Contact your dedicated success manager for configuration details.

Yes, with prior coordination. Contact [email protected] to schedule a penetration test window and share scope.

On cancellation, your data remains accessible for 30 days. After 30 days, all datasets, annotations, model weights, and metadata are permanently deleted. Download your data and models before the retention period ends.

External resources

Contact

For security questions, compliance documentation, or to report a vulnerability:

Related resources

Secret Keys

API authentication, scoped permissions, and key rotation best practices.

Team Settings

Organization roles, project-level access controls, and member management.

Plans and Pricing

Compare plans and features, including Enterprise capabilities.

Updated 2 days ago