Skip to main content
Hyperbolic is committed to protecting your data and maintaining the highest security standards across our platform. This page outlines our security measures, compliance status, and best practices for securing your account.

Platform security

Infrastructure security

Hyperbolic’s infrastructure is designed with security as a foundational principle. Data center security
  • Geographically distributed data centers with physical access controls
  • 24/7 monitoring and surveillance
  • Redundant power and networking systems
  • Environmental controls and fire suppression
Network security
  • Network segmentation and isolation between tenants
  • DDoS protection and traffic monitoring
  • Encrypted communications between all internal services
  • Regular security assessments and penetration testing

Data protection

Encryption
Data StateEncryption
In transitTLS 1.2+ for all API communications
At restAES-256 encryption for stored data
Instance isolation
  • Each GPU instance runs in an isolated environment
  • No shared memory or storage between tenant instances
  • Network isolation between customer workloads
  • Secure instance termination with data wiping

Access controls

Hyperbolic uses multiple layers of authentication and authorization:
  • API key authentication - All API requests require valid API keys
  • SSH key authentication - Public key authentication for GPU instance access
  • No shared credentials - Each user has unique credentials
  • Session management - Automatic session expiration and secure token handling

Compliance

Hyperbolic is actively working toward industry compliance certifications. Contact security@hyperbolic.ai for the latest compliance status and documentation.

SOC 2

Hyperbolic is pursuing SOC 2 Type II certification, which evaluates:
  • Security - Protection against unauthorized access
  • Availability - System availability for operation and use
  • Processing integrity - System processing is complete and accurate
  • Confidentiality - Information designated as confidential is protected
  • Privacy - Personal information is collected and used appropriately

GDPR

For customers processing data subject to GDPR, Hyperbolic provides:
  • Data processing agreements (DPAs) upon request
  • Data residency options for EU-based processing
  • Support for data subject access requests
  • Clear data retention and deletion policies
Contact legal@hyperbolic.ai for GDPR-related inquiries and DPA requests.

HIPAA

Hyperbolic is not currently HIPAA-certified. Do not process Protected Health Information (PHI) on the platform without consulting our team first.
For healthcare organizations interested in using Hyperbolic:
  • Contact us to discuss your specific compliance requirements
  • We can work with you on Business Associate Agreements (BAAs) for qualified use cases
  • Enterprise customers may have access to dedicated, compliant infrastructure
Contact security@hyperbolic.ai for healthcare and HIPAA-related discussions.

Vulnerability reporting

Hyperbolic takes security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

How to report

Email security@hyperbolic.ai with:
  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Any supporting evidence (screenshots, logs, etc.)

What to expect

  1. Acknowledgment - We’ll acknowledge receipt within 48 hours
  2. Investigation - Our security team will investigate the report
  3. Updates - We’ll keep you informed of our progress
  4. Resolution - We’ll work to resolve valid vulnerabilities promptly
  5. Recognition - With your permission, we’ll acknowledge your contribution

Responsible disclosure

We ask that you:
  • Give us reasonable time to address the issue before public disclosure
  • Avoid accessing or modifying other users’ data
  • Act in good faith to avoid privacy violations and service disruptions

Best practices

Follow these recommendations to keep your Hyperbolic account secure.

API key security

Treat your API key like a password. Anyone with your key can make requests on your behalf and incur charges.
PracticeDescription
Use environment variablesStore keys in HYPERBOLIC_API_KEY, never hardcode
Never commit to reposAdd .env files to .gitignore
Rotate periodicallyGenerate new keys if you suspect compromise
Separate environmentsUse different keys for development and production
Monitor usageReview billing for unexpected charges
Example: Using environment variables 
# Set the environment variable
export HYPERBOLIC_API_KEY="your-api-key-here"

# Use in your application
import os
api_key = os.environ.get("HYPERBOLIC_API_KEY")

SSH key security

PracticeDescription
Use strong key typesPrefer Ed25519 or RSA with 4096 bits
Protect private keysSet permissions to 600 (chmod 600 ~/.ssh/id_ed25519)
Use passphrasesAdd a passphrase to your private key for extra protection
Don’t share keysEach team member should have their own key pair
Audit regularlyRemove unused keys from your account
Recommended key generation: 
# Generate a secure Ed25519 key with a passphrase
ssh-keygen -t ed25519 -C "your-email@example.com"

Account security

  • Use a strong, unique password - Don’t reuse passwords from other services
  • Enable 2FA when available - Two-factor authentication adds an extra layer of security
  • Review active sessions - Log out of sessions you don’t recognize
  • Monitor billing - Set up alerts for unusual spending patterns
  • Keep contact info current - Ensure you can receive security notifications

Instance security

When using On-Demand GPU instances:
  • Keep software updated - Apply security patches to your instance OS and applications
  • Use firewalls - Configure instance firewalls to allow only necessary traffic
  • Don’t expose unnecessary ports - Only open ports required for your application
  • Secure your applications - Follow security best practices for any services you deploy
  • Clean up sensitive data - Remove sensitive files before terminating instances

Support

For security-related questions or concerns:
ContactPurpose
security@hyperbolic.aiVulnerability reports, security questions
legal@hyperbolic.aiCompliance inquiries, DPAs, BAAs
support@hyperbolic.aiGeneral account security issues

Next steps

Account Management

Set up API keys and SSH keys securely

Billing

Monitor usage and set up billing alerts

Developer Tools

Configure CLI and extensions securely