Security

stepscale AI processes workload telemetry on behalf of customers. We treat that as a serious responsibility.

Data Handling

• All customer telemetry encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Least-privilege access controls; audit logging for all production data access.
• No customer code or application data is collected - only scaling-relevant metrics.

Infrastructure

• Hosted on industry-standard cloud infrastructure with hardware-isolated tenancy.
• Regular vulnerability scanning and dependency review.
• Production systems isolated from development environments.

Compliance

We are SOC 2 Type II readiness in progress and follow GDPR-aligned data handling practices. Enterprise customers can request a security review document.

Reporting Vulnerabilities

Found something? Email [email protected]. We respond within one business day and follow responsible disclosure.

Contact

Security questions: [email protected]