Security & Compliance

SupaEval is built with enterprise-grade security and compliance features to protect your data and meet regulatory requirements.

Data Security

Encryption at Rest

All data is encrypted using AES-256 encryption in our databases and storage systems.

Encryption in Transit

All API communication uses TLS 1.3; HTTPS-only connections are enforced.

API Key Management

Scoped API keys carry role-based permissions and can be rotated without downtime.

Infrastructure Security

Hosted on SOC 2 compliant infrastructure with regular security audits.

Authentication & Authorization

  • API Keys - Secure token-based authentication
  • OAuth 2.0 - Enterprise SSO integration (coming soon)
  • SAML - Identity provider integration (enterprise plan)
  • MFA - Multi-factor authentication for account access

Access Control

Role-Based Access Control (RBAC)

Granular permission management:

  • Admin - Full access to all resources and settings
  • Developer - Create and run evaluations, view results
  • Viewer - Read-only access to dashboards and results
  • Custom Roles - Define specific permissions (enterprise plan)

Team Management

  • Invite team members with specific roles
  • Audit logs of all user actions
  • Automatic session expiry
  • IP allowlisting for sensitive operations

Principle of Least Privilege

Grant users the minimum permissions needed for their role. Regularly review and audit access permissions.

Compliance & Certifications

SOC 2 Type II

Annual audits of security, availability, and confidentiality controls.

GDPR Compliant

EU data residency options. Data processing agreements available.

HIPAA (Coming Soon)

HIPAA-compliant infrastructure for healthcare applications.

Data Privacy

  • Data Isolation - Tenant-level data separation
  • Data Retention - Configurable retention policies
  • Data Deletion - Complete data removal on request
  • Anonymization - PII detection and redaction options

Security Monitoring

Continuous security monitoring includes:

  • Real-time threat detection
  • Intrusion prevention systems
  • Anomaly detection for API usage
  • Automated security patching

Audit Logs

Comprehensive audit trails of:

  • API requests and responses
  • User authentication events
  • Permission changes
  • Data access and modifications
  • Export and deletion requests

Enterprise Features

Advanced security features like SAML SSO, custom roles, and extended audit logs are available on enterprise plans. Contact sales for details.

Incident Response

In the unlikely event of a security incident:

  • 24/7 security team monitoring
  • Immediate notification to affected customers
  • Transparent incident reports
  • Post-mortem analysis and prevention measures

Responsible Disclosure

Found a security vulnerability? We appreciate responsible disclosure:

  • Email: security@supaeval.com
  • Encryption: PGP key available on request
  • Bug bounty program (details on website)

Next Steps