Our Commitment to Security and Compliance
At Vast.ai, we're dedicated to upholding the highest standards of data security and regulatory compliance. Our commitment to protecting your data to the best of our ability is at the core of everything we do.
At Vast.ai, we serve a wide range of clients, from AI startups to prestigious universities and even Fortune 500 companies. We understand that each client may have unique compliance requirements.
We recognize that navigating compliance needs can be complex, especially when integrating new systems into existing frameworks. If you need assistance understanding how Vast.ai's systems align with your specific compliance policies, we're here to help.
To discuss your unique compliance needs and how our solutions fit within your framework, please schedule a consultation with our compliance team here.
Ongoing Compliance Efforts
We are continuously working to enhance our security posture and align with industry-leading standards. Our current initiatives include:
- Implementing robust security controls across our organization
- Regularly assessing and improving our data protection measures
- Aligning our practices with recognized industry standards and frameworks
- Preparing for independent security audits and certifications
Ongoing Compliance Certifications
SOC 2 Type 1
We are currently in the process of completing our SOC 2 Type 1 certification. This certification demonstrates our commitment to maintaining rigorous controls over the security, availability, and confidentiality of our systems and data. We anticipate finishing the audit in Q4.
HIPAA Compliance
We are actively working towards HIPAA compliance to ensure the protection of sensitive healthcare information. Our policies, procedures, and technical safeguards are being aligned with HIPAA requirements to support our customers in the healthcare industry.
GDPR Compliance
Vast.ai is committed to adhering to the General Data Protection Regulation (GDPR) for our European users. We are implementing robust data protection measures and enhancing our privacy policies to ensure compliance with this important regulation.
US Data Privacy Compliance
We are staying abreast of evolving US data privacy laws and regulations. Our team is working diligently to implement controls and policies that align with various state-level privacy laws and potential federal regulations.
Vast.ai Security Overview
- Client Data Protection: Your data is isolated in Docker containers.
- Provider Vetting: We rigorously assess our datacenter providers to ensure they meet our security standards. At a minimum, they have ISO 27001 certification. We can provide those certificates if required by your compliance team.
- Global Compliance: Our operations team is diligently working to align with global compliance requirements.
Security Tiers
We offer different security tiers to meet your specific needs:
Verified Hosts: Suitable for general computing needs.
- Manually tested for reliability
- Cost-effective solution
Datacenter Partners: For the highest security requirements.
- ISO 27001 certified (minimum)
- Additional certifications available (e.g., HIPAA, Uptime Institute TIER 2/3)
- Comprehensive Data Processing Agreements (DPAs)
Trusted Datacenter Provider Security Measures
For clients with the highest security requirements, Vast.ai partners with vetted datacenter providers who maintain third-party compliance certifications. Filter for these offers only on cloud.vast.ai by checking the "Secure Cloud (Only Trusted Datacenters)" checkbox.
Datacenter Providers:
- Manage their equipment in secure certified facilities
- Hold a minimum of ISO 27001 certification
- Sign comprehensive Data Processing Agreements (DPAs) with Vast.ai
- Undergo due diligence to ensure equipment is located in secure facilities and the business is identified
- Additionally, these Datacenter Partners may hold additional certifications:
  - ISO 27001
  - ISO 20000-1
  - ISO 22301
  - ISO 14001
  - HIPAA
  - NIST
  - PCI
  - SOC 1 Type 2
  - SOC 2 Type 2
  - SOC 3
  - HITRUST
  - GDPR compliant
Datacenter Physical and Environmental Security
- Restricted physical access to facilities
- Regular access reviews and recertifications
- Video surveillance with 90+ day retention
- Asset tracking and removal approval processes
- Environmental controls (fire detection/suppression, climate control, power backup)
- Annual testing of environmental control systems
Datacenter Enhanced Auditing
- Vast.ai audits datacenter partners in the secure cloud offering and compiles documentation on the ownership structure, source of funds and identity of the provider
- Ensures partners follow best practices and maintain equipment per certifications
Datacenter Additional Legal Agreements
- Datacenter hosts sign expanded hosting agreements that include a separate Data Processing Agreement
Key Compliance Measures
- Incident Response: Robust protocols for quick and effective responses to any security incidents.
- Regular Audits: Both internal and third-party audits to ensure ongoing compliance.
- Continuous Monitoring: Advanced systems to detect and prevent potential security threats.
- Employee Training: Regular security and compliance training for all team members.
General Security Measures (Applicable to All Hosts)
Client Isolation
- Clients are isolated from other clients in unprivileged Docker containers
- Clients only have access to their own data
- Data is destroyed immediately when clients delete instances
Provider Incentives
Providers have limited incentive to access client data due to:
- Time required to build trust and verified status on the Vast.ai platform
- Reputational risks of data misuse
- Costs associated with identifying/exploiting valuable datasets
Legal Protections
- A comprehensive Data Protection Agreement is in place
- Our Privacy Policy details data handling practices
- Datacenter providers sign an additional agreement with more protections, as outlined in the Trusted Datacenter Provider Security Measures section.
Track Record
- Vast.ai has maintained a 6-year track record with no major incidents.
Industry-Specific Compliance
We understand that different industries have unique compliance needs. We offer tailored solutions for sectors including:
- Healthcare (HIPAA compliance)
- Finance
- Government
- And more...
Stay Informed
We're committed to transparency and keeping our clients informed. Check out our Blog for the latest updates on our compliance efforts and security enhancements.
Need More Information?
For detailed compliance documentation or to discuss your specific security needs:
At Vast.ai, your security is our priority. Choose us for a GPU cloud solution that takes compliance seriously.