Security

The security of your data is very important to us, and we designed Segmind with multiple layers of protection across a distributed, reliable infrastructure.

Security first architecture

For the Enterprise plan, we deploy Segmind in your cloud and provide the same cluster management tools backing our own internal infrastructure. This means you can keep your data in your own S3 buckets, perform runs on your own machines, and deploy models within your own cloud infrastructure.

The data engineer doesn’t need to worry about many of the details — simply write the code and Segmind runs it. A key benefit of the hybrid PaaS model is that the vast majority of your actual data remains in systems under your control, such as your AWS account. While certain data, such as your notebooks, configurations, K8s logs, and user information, is present within the control plane, that information is encrypted at rest within the control plane, and communication to and from the control plane is encrypted in transit.

Data security

We create a dedicated VPC to provide complete network isolation between clients. This helps us secure and monitor connections, screen traffic, and restrict instance access inside your virtual network. All data stored with Segmind is encrypted at rest. The keys are managed and rotated automatically by our Cloud Service Provider.

Architecture

All files are encrypted at rest, whether they are files you create or anything you upload. The keys are managed and rotated automatically by the Cloud Provider.

For sensitive information (such as database integrations or environment variables), we apply a layer of industry-standard AES-256 encryption before storing it in our database. Decryption keys are stored separately.

All data transmitted between Segmind and our users is protected using Transport Layer Security (TLS), and our Strict-Transport-Security (HSTS) settings ensure that your browser will never send an unencrypted request to us.

All data is stored in tier 1 data centers with the highest level of compliance, including HIPAA.

Account login

We support only trusted SSO providers and do not support email/password-based authentication. All SSOs support multi-factor authentication (MFA) and have a high level of security.

Privacy

You own and control your data. Segmind is committed to keeping it private. Our privacy policy describes when we collect your information and why. We process your data with due care, in accordance with all applicable laws and regulations, including the regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation (GDPR).

Segmind Access

Segmind access to your environment includes a cross-account IAM role. The cross-account IAM role allows the Segmind control plane to configure resources in your environment using the AWS APIs. It does not grant access to your data sets.

Operational Security

Team Access

We follow the principle of least privilege in how we design our cloud infrastructure and how we access it. We use Google account authentication with two-factor authentication enforced for all access to production systems.

Code Reviews

Changes to source code destined for production systems are subject to code reviews by qualified engineering peers. We adhere to a secure development lifecycle and review the security implications of every change. Prior to updating production services, the contributors to the updated software version are required to verify that their changes are working as intended in the staging environment.

Report a security vulnerability

If you spot a vulnerability in our application (*.segmind.com), we’d love to know about it.

  1. Share the details of the vulnerability with us so that we can reproduce it. You can contact us via the contact page or by sending an email to contact[at]segmind.com.
  2. Remote Code Execution (RCE) on the containers that run your sessions to execute code is not considered a vulnerability.
  3. Please keep the details of the vulnerability confidential until we have fixed the issue.
  4. Avoid copying, deleting or changing any data that does not belong to you. Also, avoid disrupting our services in any way.