At SUPA, we are committed to ensuring the highest level of security and data privacy for our customers. We understand that the sensitive nature of our work requires the highest level of protection. As such, we have taken steps to ensure our security measures exceed industry standards. Our security program is designed to safeguard customer data and ensure the confidentiality, integrity, and availability of data across all our systems.
We are thrilled to announce that SUPA has achieved SOC 2 Type II certification, underscoring our commitment to the highest standards of data security and privacy. This milestone is not just a testament to our dedication but a direct benefit to you, our valued customers, especially as we navigate the complexities of data security in today's digital world. Read more about our SOC 2 Type II Certification here.
We have provisioned administrative roles and associated privileges based on the principles of ‘least privilege’ and ‘need-to-know’. All stakeholders interacting with data are required to sign a non-disclosure agreement (NDA) to maintain the confidentiality of all data. We maintain an audit trail of all actions on our proprietary image annotation platform for monitoring and accountability.
We are committed to protecting customer privacy and anonymity. We never disclose the names of our clients to our workforce, and only permit access to data for annotators who have successfully completed our assessments. Annotators’ access is further limited to prevent access to entire datasets, historical data, or backtracking functions.
All unlabeled and labeled data, metadata and private user information are encrypted at rest using AES-256. We use ISO/IEC 27001 certified AWS cloud storage, which provides server-side encryption using AWS’s default keys. Data is automatically decrypted when accessed by an authorized user. When in transit, data is encrypted via Transport Layer Security (TLSv1.2+) between customers and our servers, and via HTTPS and SSH within our internal network. We also support self-hosted assets on customers’ choice of cloud platform using signed URLs or delegated access. In addition, we maintain data segmentation to keep each client's data separate, and we can provide dedicated hosts upon request.
If you have any questions or concerns about our security practices, please do not hesitate to contact us.
GDPR is a European privacy law that governs the collection, use, and processing of personal data of EU citizens. We have adopted and implemented core principles of GDPR to ensure the responsible handling of personal data: