Security at Fine-Tune Lab

Your training data, models, and infrastructure are protected with enterprise-grade security measures.

Security Features

Encryption Everywhere

AES-256 encryption at rest, TLS 1.3 in transit. Your data is encrypted end-to-end.

Zero Data Sharing

We never use your training data to improve our platform or train other models.

Access Controls

Role-based permissions, 2FA support, and API key management with scoped permissions.

Isolated Environments

Each training job runs in an isolated container with no cross-user access.

Infrastructure Security

Hosted on SOC 2 compliant cloud infrastructure with automated backups.

Incident Response

24/7 monitoring and rapid response to security incidents.

Security Practices

Data Encryption

At Rest: All data stored with AES-256 encryption
In Transit: TLS 1.3 for all API and web traffic
Backups: Encrypted backups with separate encryption keys
Key Management: Hardware security modules (HSM) for key storage

Access Control

Authentication: OAuth 2.0, SAML 2.0 for SSO (enterprise)
Multi-Factor Auth: TOTP-based 2FA support
API Keys: Scoped permissions with rotation support
RBAC: Role-based access control for team members
Audit Logs: Complete audit trail of all access and actions

Infrastructure Security

Isolation: Training jobs run in isolated Docker containers
Network Security: Private VPCs, firewall rules, DDoS protection
Vulnerability Scanning: Automated scanning of dependencies
Patch Management: Regular security updates and patches
Backups: Automated daily backups with 30-day retention

Monitoring & Response

24/7 Monitoring: Real-time security event monitoring
Intrusion Detection: Automated threat detection systems
Incident Response: Documented response procedures
Alerting: Immediate alerts for suspicious activity
Logging: Comprehensive logs for forensic analysis

Compliance & Certifications

We meet industry standards for security and privacy

GDPR Compliant

Full compliance with EU General Data Protection Regulation

• Data portability and right to deletion
• Data processing agreements available
• Privacy by design principles

SOC 2 Type II

In progress - completing certification for enterprise customers

• Security controls audit
• Availability and processing integrity
• Confidentiality and privacy

CCPA Compliant

California Consumer Privacy Act compliance for US users

• Data disclosure and opt-out rights
• No sale of personal information
• Transparent privacy practices

ISO 27001

Pursuing ISO 27001 certification for information security

• Information security management
• Risk assessment and treatment
• Continuous improvement

Your Data Privacy Guarantee

We Never Use Your Training Data:

Your datasets are used ONLY for your fine-tuning jobs
We don't train models on your data or use it to improve our platform
Your data is never shared with other users or third parties
You can delete your data at any time - it's immediately removed
All data is encrypted at rest and in transit

Security Best Practices

Recommendations to keep your account secure

✓ Do

• Enable two-factor authentication (2FA)
• Use strong, unique passwords
• Rotate API keys regularly
• Review audit logs periodically
• Use scoped API keys with minimal permissions
• Keep your email address up to date

✗ Don't

• Share your password or API keys
• Use the same password across services
• Commit API keys to public repositories
• Leave API keys in client-side code
• Ignore security alerts or notifications
• Use root API keys for applications

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:

Report Privately:

Email security@finetunelab.ai with details

Allow Time to Fix:

Give us 90 days to address the issue before public disclosure

Get Recognition:

We'll acknowledge your contribution (if desired) and may offer bounties for critical vulnerabilities

Questions About Security?

Our security team is here to help answer your questions.

Contact Security Team