Hyperbolic is committed to protecting your data and maintaining the highest security standards across our platform. This page outlines our security measures, compliance status, and best practices for securing your account.Documentation Index
Fetch the complete documentation index at: https://docs.hyperbolic.ai/docs/llms.txt
Use this file to discover all available pages before exploring further.
Platform security
Infrastructure security
Hyperbolic’s infrastructure is designed with security as a foundational principle. Data center security- Geographically distributed data centers with physical access controls
- 24/7 monitoring and surveillance
- Redundant power and networking systems
- Environmental controls and fire suppression
- Network segmentation and isolation between tenants
- DDoS protection and traffic monitoring
- Encrypted communications between all internal services
- Regular security assessments and penetration testing
Data protection
Encryption| Data State | Encryption |
|---|---|
| In transit | TLS 1.2+ for all API communications |
| At rest | AES-256 encryption for stored data |
- Each GPU instance runs in an isolated environment
- No shared memory or storage between tenant instances
- Network isolation between customer workloads
- Secure instance termination with data wiping
Access controls
Hyperbolic uses multiple layers of authentication and authorization:- API key authentication - All API requests require valid API keys
- SSH key authentication - Public key authentication for GPU instance access
- No shared credentials - Each user has unique credentials
- Session management - Automatic session expiration and secure token handling
Compliance
Hyperbolic is actively working toward industry compliance certifications. Contact security@hyperbolic.ai for the latest compliance status and documentation.
SOC 2
Hyperbolic is pursuing SOC 2 Type II certification, which evaluates:- Security - Protection against unauthorized access
- Availability - System availability for operation and use
- Processing integrity - System processing is complete and accurate
- Confidentiality - Information designated as confidential is protected
- Privacy - Personal information is collected and used appropriately
GDPR
For customers processing data subject to GDPR, Hyperbolic provides:- Data processing agreements (DPAs) upon request
- Data residency options for EU-based processing
- Support for data subject access requests
- Clear data retention and deletion policies
HIPAA
For healthcare organizations interested in using Hyperbolic:- Contact us to discuss your specific compliance requirements
- We can work with you on Business Associate Agreements (BAAs) for qualified use cases
- Enterprise customers may have access to dedicated, compliant infrastructure
Vulnerability reporting
Hyperbolic takes security vulnerabilities seriously. If you discover a security issue, please report it responsibly.How to report
Email security@hyperbolic.ai with:- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any supporting evidence (screenshots, logs, etc.)
What to expect
- Acknowledgment - We’ll acknowledge receipt within 48 hours
- Investigation - Our security team will investigate the report
- Updates - We’ll keep you informed of our progress
- Resolution - We’ll work to resolve valid vulnerabilities promptly
- Recognition - With your permission, we’ll acknowledge your contribution
Responsible disclosure
We ask that you:- Give us reasonable time to address the issue before public disclosure
- Avoid accessing or modifying other users’ data
- Act in good faith to avoid privacy violations and service disruptions
Best practices
Follow these recommendations to keep your Hyperbolic account secure.API key security
| Practice | Description |
|---|---|
| Use environment variables | Store keys in HYPERBOLIC_API_KEY, never hardcode |
| Never commit to repos | Add .env files to .gitignore |
| Rotate periodically | Generate new keys if you suspect compromise |
| Separate environments | Use different keys for development and production |
| Monitor usage | Review billing for unexpected charges |
SSH key security
| Practice | Description |
|---|---|
| Use strong key types | Prefer Ed25519 or RSA with 4096 bits |
| Protect private keys | Set permissions to 600 (chmod 600 ~/.ssh/id_ed25519) |
| Use passphrases | Add a passphrase to your private key for extra protection |
| Don’t share keys | Each team member should have their own key pair |
| Audit regularly | Remove unused keys from your account |
Account security
- Use a strong, unique password - Don’t reuse passwords from other services
- Enable 2FA when available - Two-factor authentication adds an extra layer of security
- Review active sessions - Log out of sessions you don’t recognize
- Monitor billing - Set up alerts for unusual spending patterns
- Keep contact info current - Ensure you can receive security notifications
Instance security
When using On-Demand GPU instances:- Keep software updated - Apply security patches to your instance OS and applications
- Use firewalls - Configure instance firewalls to allow only necessary traffic
- Don’t expose unnecessary ports - Only open ports required for your application
- Secure your applications - Follow security best practices for any services you deploy
- Clean up sensitive data - Remove sensitive files before terminating instances
Support
For security-related questions or concerns:| Contact | Purpose |
|---|---|
| security@hyperbolic.ai | Vulnerability reports, security questions |
| legal@hyperbolic.ai | Compliance inquiries, DPAs, BAAs |
| support@hyperbolic.ai | General account security issues |
Next steps
Account Management
Set up API keys and SSH keys securely
Billing
Monitor usage and set up billing alerts
Developer Tools
Configure CLI and extensions securely