iStarAI

Security Practices

Last Updated: March 2026

1. Enterprise-Grade Architecture

At iStarAI, security is treated as a foundational feature, not an afterthought. Our platform is built on a modern serverless architecture with strict isolation boundaries to ensure your intellectual property remains absolutely confidential throughout the entire ML pipeline.

2. Core Principles

  • End-to-End Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256.
  • Zero Trust Network: We operate on a 'never trust, always verify' model. Internal macro-segmentation ensures that a compromise of one subsystem cannot be used to pivot to another.
  • Role-Based Access Control (RBAC): Annotators can only access the specific subsets of data assigned to them for the duration of the task. They have zero visibility into the broader dataset or the identity of the client.

3. Infrastructure Security

Our datacenters are SOC 2 Type II and ISO 27001 compliant. We enforce regular automated vulnerability scanning and conduct bi-annual manual penetration tests performed by leading independent security firms.

4. Annotator Vetting

The human element is often the weakest link in security. To mitigate this, our elite workforce is subject to:

  • Strict background checks.
  • Secure VDI (Virtual Desktop Infrastructure) access for sensitive projects, preventing data exfiltration or local downloads.
  • Continuous behavioral monitoring during annotation to flag anomalous activities.

5. Compliance

We understand the regulatory burdens in fields like healthcare and automotive. Our platform is configured to support HIPAA-compliant workflows (BAA signing available on Enterprise tiers) and adheres strictly to GDPR and CCPA guidelines regarding personal data processing.

6. Report a Vulnerability

If you are a security researcher and have discovered a vulnerability on our platform, we appreciate your help in disclosing it to us responsibly. Please email security@istarai.com. We aim to acknowledge all reports within 24 hours.