Security is Foundational
Security isn't an afterthought at Wolfia—it's a core principle guiding our technology, processes, and culture. We are committed to keeping your data safe and secure through rigorous controls and continuous improvement.
Last updated: April 2, 2025
How we secure your data
Data Encryption
We employ robust encryption (AES-256 at rest, TLS 1.3+ in transit) to protect your data, ensuring confidentiality and integrity at all stages.
Infrastructure Security
We leverage secure cloud providers (AWS) with network segmentation, firewalls, IDS/IPS, and continuous monitoring to safeguard our infrastructure.
Secure Development
Security is embedded in our SDLC with secure coding practices, mandatory code reviews, SAST/DAST scanning, and dependency management.
Access Control
Strict role-based access (RBAC), mandatory Multi-Factor Authentication (MFA), and comprehensive logging ensure only authorized personnel access systems.
Compliance & Testing
We are actively pursuing SOC 2 Type 2 certification and conducting regular third-party penetration tests and vulnerability scans to validate our controls.
Data Privacy & AI Safety
Your data is never used for training our models. We enforce zero data retention by default and process data primarily in the US under strict controls.
Key Security Measures
Incident Response
We maintain a comprehensive Incident Response Plan (IRP) with documented procedures (playbooks) for various security event types. This ensures a consistent, coordinated response. The plan includes regular testing via tabletop exercises, protocols for rapid internal and external communication (including customer notification when required), defined roles and responsibilities, and clear escalation paths to ensure swift containment, eradication, recovery, and post-incident analysis for continuous improvement.
Endpoint Security
All company-managed devices used to access sensitive data or systems are hardened and centrally managed. This includes mandatory full-disk encryption (FileVault/BitLocker), deployment of Endpoint Detection & Response (EDR) solutions for advanced threat detection and prevention, centrally managed anti-malware software, secure configuration baselines enforced via Mobile Device Management (MDM), and timely application patching to protect against known vulnerabilities and potential data loss.
Personnel Security
Our employees are a critical part of our security posture. Background checks are conducted for relevant roles subject to local laws. All personnel receive mandatory security awareness training upon hire and annually thereafter, covering phishing, social engineering, data handling best practices, and incident reporting. Employees are also bound by confidentiality agreements to protect sensitive company and customer information.
Sub-processor Security
We perform rigorous due diligence on all third-party sub-processors before engagement, evaluating their security practices, compliance certifications, and data handling policies. We maintain contractual agreements requiring them to meet high security standards, primarily process data within the US, adhere to data retention limitations consistent with our policies, and undergo regular security reviews or audits. We monitor our critical sub-processors on an ongoing basis.
Enterprise Ready Features
Our platform is built with enterprise needs in mind. Key features include zero data retention by default to minimize data exposure, options for customizable data retention policies to meet specific compliance needs, flexible authentication methods including support for Single Sign-On (SSO) integrations (like SAML or OIDC), and defined Service Level Agreements (SLAs) covering availability and support appropriate for business operations.
Customer Responsibilities
Security is a shared responsibility. Customers play a vital role by managing user access rights within their Wolfia account using the principle of least privilege, ensuring their users safeguard login credentials (strong passwords, MFA), maintaining the integrity and appropriateness of data they input or connect to the service, securely configuring any third-party integrations, and promptly reporting any suspected security incidents or unauthorized account activity to Wolfia.