Security at Fine-Tune Lab

Your training data, models, and infrastructure are protected with enterprise-grade security measures.

Security Features

Encryption Everywhere

AES-256 encryption at rest, TLS 1.3 in transit. Your data is encrypted end-to-end.

Zero Data Sharing

We never use your training data to improve our platform or train other models.

Access Controls

Role-based permissions, 2FA support, and API key management with scoped permissions.

Isolated Environments

Each training job runs in an isolated container with no cross-user access.

Infrastructure Security

Hosted on SOC 2 compliant cloud infrastructure with automated backups.

Incident Response

24/7 monitoring and rapid response to security incidents.

Security Practices

Data Encryption

  • At Rest: All data stored with AES-256 encryption
  • In Transit: TLS 1.3 for all API and web traffic
  • Backups: Encrypted backups with separate encryption keys
  • Key Management: Hardware security modules (HSM) for key storage

Access Control

  • Authentication: OAuth 2.0, SAML 2.0 for SSO (enterprise)
  • Multi-Factor Auth: TOTP-based 2FA support
  • API Keys: Scoped permissions with rotation support
  • RBAC: Role-based access control for team members
  • Audit Logs: Complete audit trail of all access and actions

Infrastructure Security

  • Isolation: Training jobs run in isolated Docker containers
  • Network Security: Private VPCs, firewall rules, DDoS protection
  • Vulnerability Scanning: Automated scanning of dependencies
  • Patch Management: Regular security updates and patches
  • Backups: Automated daily backups with 30-day retention

Monitoring & Response

  • 24/7 Monitoring: Real-time security event monitoring
  • Intrusion Detection: Automated threat detection systems
  • Incident Response: Documented response procedures
  • Alerting: Immediate alerts for suspicious activity
  • Logging: Comprehensive logs for forensic analysis

Compliance & Certifications

We meet industry standards for security and privacy

GDPR Compliant

Full compliance with EU General Data Protection Regulation

  • • Data portability and right to deletion
  • • Data processing agreements available
  • • Privacy by design principles

SOC 2 Type II

In progress - completing certification for enterprise customers

  • • Security controls audit
  • • Availability and processing integrity
  • • Confidentiality and privacy

CCPA Compliant

California Consumer Privacy Act compliance for US users

  • • Data disclosure and opt-out rights
  • • No sale of personal information
  • • Transparent privacy practices

ISO 27001

Pursuing ISO 27001 certification for information security

  • • Information security management
  • • Risk assessment and treatment
  • • Continuous improvement

Your Data Privacy Guarantee

We Never Use Your Training Data:

  • Your datasets are used ONLY for your fine-tuning jobs
  • We don't train models on your data or use it to improve our platform
  • Your data is never shared with other users or third parties
  • You can delete your data at any time - it's immediately removed
  • All data is encrypted at rest and in transit

Security Best Practices

Recommendations to keep your account secure

✓ Do

  • • Enable two-factor authentication (2FA)
  • • Use strong, unique passwords
  • • Rotate API keys regularly
  • • Review audit logs periodically
  • • Use scoped API keys with minimal permissions
  • • Keep your email address up to date

✗ Don't

  • • Share your password or API keys
  • • Use the same password across services
  • • Commit API keys to public repositories
  • • Leave API keys in client-side code
  • • Ignore security alerts or notifications
  • • Use root API keys for applications

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:

1
Report Privately:

Email security@finetunelab.ai with details

2
Allow Time to Fix:

Give us 90 days to address the issue before public disclosure

3
Get Recognition:

We'll acknowledge your contribution (if desired) and may offer bounties for critical vulnerabilities

Questions About Security?

Our security team is here to help answer your questions.

Contact Security Team