Vast.ai Compliance Overview

At Vast.ai, we're committed to maintaining the highest standards of data security and regulatory compliance. We are currently completing our SOC 2 Type 1 certification. We anticipate finishing the audit within 30-60 days.

We are proud to work with individuals and Fortune 500 companies. Compliance needs can be complex. If you need help understanding how Vast.ai's systems fit within your compliance policy framework, please set up a time to discuss here.

Our Commitment to Security

  • Client Data Protection: Your data is isolated in Docker containers.
  • Provider Vetting: We rigorously assess our datacenter providers to ensure they meet our security standards. At a minimum, they have ISO 27001 certification. We can provide those certificates if required by your compliance team.
  • Global Compliance: Our operations comply with international data protection regulations, including GDPR and CCPA.

Security Tiers

We offer different security tiers to meet your specific needs:

  1. Verified Hosts: Suitable for general computing needs.
    • Manually tested for reliability
    • Cost-effective solution
  2. Datacenter Partners: For the highest security requirements.
    • ISO 27001 certified (minimum)
    • Additional certifications available (e.g., HIPAA, Uptime Institute TIER 2/3)
    • Comprehensive Data Processing Agreements (DPAs)

Trusted Datacenter Partner Security Measures

For clients with the highest security requirements, Vast.ai partners with vetted datacenter providers who maintain third-party compliance certifications. Filter for these offers only on cloud.vast.ai by checking the "Secure Cloud (Only Trusted Datacenters)" checkbox.

These top-tier providers:

  • Manage their equipment in secure certified facilities
  • Hold a minimum of ISO 27001 certification
  • Sign comprehensive Data Processing Agreements (DPAs) with Vast.ai
  • Undergo due diligence to ensure equipment is located in secure facilities and the business is identified
  • May also hold additional certifications:
    • ISO 27001
    • ISO 20000-1
    • ISO 22301
    • ISO 14001
    • HIPAA
    • NIST
    • PCI
    • SOC 1 Type 2
    • SOC 2 Type 2
    • SOC 3
    • HITRUST
    • GDPR compliant

Physical and Environmental Security

  • Restricted physical access to facilities
  • Regular access reviews and recertifications
  • Video surveillance with 90+ day retention
  • Asset tracking and removal approval processes
  • Environmental controls (fire detection/suppression, climate control, power backup)
  • Annual testing of environmental control systems

Enhanced Auditing

  • Vast.ai audits datacenter partners in the secure cloud offering and compiles documentation on the ownership structure, source of funds and identity of the provider
  • Ensures partners follow best practices and maintain equipment per certifications

Extended Legal Agreements

  • Datacenter hosts sign expanded hosting agreements that include a separate Data Processing Agreement

Key Compliance Measures

  • Incident Response: Robust protocols for quick and effective responses to any security incidents.
  • Regular Audits: Both internal and third-party audits to ensure ongoing compliance.
  • Continuous Monitoring: Advanced systems to detect and prevent potential security threats.
  • Employee Training: Regular security and compliance training for all team members.

General Security Measures (Applicable to All Hosts)

Client Isolation

  • Clients are isolated from other clients in unprivileged Docker containers
  • Clients only have access to their own data
  • Data is destroyed immediately when clients delete instances

Provider Incentives

Providers have limited incentive to access client data due to:

  • Time required to build trust and verified status on the Vast.ai platform
  • Reputational risks of data misuse
  • Costs associated with identifying/exploiting valuable datasets

Legal Protections

  • A comprehensive Data Protection Agreement is in place
  • Our Privacy Policy details data handling practices
  • Datacenter providers sign an additional agreement with more protections, as outlined in the Trusted Datacenter Partner Security Measures section.

Track Record

  • Vast.ai has maintained a 6-year track record with no major incidents.

Industry-Specific Compliance

We understand that different industries have unique compliance needs. We offer tailored solutions for sectors including:

  • Healthcare (HIPAA compliance)
  • Finance
  • Government
  • And more...

Stay Informed

We're committed to transparency and keeping our clients informed. Check out our Blog for the latest updates on our compliance efforts and security enhancements.

Need More Information?

For detailed compliance documentation or to discuss your specific security needs:

  • Contact
  • Get in Touch

At Vast.ai, your security is our priority. Choose us for a GPU cloud solution that takes compliance seriously.