Security
Protecting your research data is fundamental to everything we build. We implement rigorous security measures across our entire platform to ensure your data remains safe, private, and under your control.
Data Encryption
All data is encrypted both in transit and at rest. We use TLS 1.3 for all network communications and AES-256 encryption for stored data, ensuring your research and proprietary information remains protected at every stage.
Access Controls
We enforce role-based access controls (RBAC), multi-factor authentication (MFA), and the principle of least privilege across our entire infrastructure. Every access request is authenticated and authorized before granting entry to systems or data.
Infrastructure
Our platform is hosted on major cloud providers with SOC 2 compliant infrastructure. We leverage isolated compute environments, automated scaling, and geographic redundancy to ensure high availability and resilience.
Data Privacy
Your data is never used to train models for other customers. We maintain strict data isolation between tenants, ensuring that your proprietary research data, experimental results, and biological designs remain exclusively yours.
Open Source Security
We conduct regular dependency audits and apply security patches promptly across all our open-source projects. We follow responsible disclosure practices and welcome security researchers to report vulnerabilities.
Compliance
We are actively working toward SOC 2 Type II certification. For our users in the European Union, we implement GDPR-aligned data handling practices including data minimization, purpose limitation, and support for data subject rights.
Our Security Commitment
At Avitai Bio, security is not an afterthought — it is embedded into every layer of our platform from the ground up. We understand that our users trust us with sensitive research data, proprietary biological designs, and confidential experimental results.
We continuously monitor our systems for threats, conduct regular penetration testing, and maintain an incident response plan to address any security events swiftly. Our engineering team follows secure development practices, including code reviews, automated security scanning, and dependency management.
We are transparent about our security practices and are happy to discuss our approach in detail with prospective and current customers. For enterprise security requirements or to request our security documentation, please reach out to our security team.
Report a Vulnerability
We value the work of security researchers and encourage responsible disclosure. If you discover a security vulnerability in any of our products or services, please report it to us privately so we can address it promptly.
Please do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it. We commit to acknowledging reports within 48 hours and providing regular updates on our progress toward a fix.
We will not pursue legal action against security researchers who act in good faith and follow our responsible disclosure guidelines.
Have questions about our security practices?
Contact security@avitai.bio