Compound safely and securely
From day one, we have built the Compound platform while prioritizing enterprise security and privacy. Our rigorous standards and protocols allow you to be confident your data is secure.
No training
Customers own all inputs, prompts, and outputs
Encryption
256-bit AES encryption at rest and in transit
Custom Deployments
We support deployment into VPC for maximum security
SOC 2 Type II
Certified SOC 2 Type II compliant, monitored by Vanta
Secure by default.
Enterprise SSO, sign-in controls, encryption, and audit logging — out of the box.
- 01
Enterprise SSO out of the box
SAML, OIDC, Google, and Microsoft sign-in supported on day one.
- 02
Sign-in controls
Per-customer allowlists and domain restrictions enforced at the platform layer.
- 03
Encrypted in transit and at rest
Industry-standard encryption applied to every data flow and every store.
- 04
Comprehensive audit logging
Per-customer observability and audit trails.
Dedicated for regulated teams.
For regulated teams, Compound runs on a dedicated subdomain with single-tenant infrastructure.
- 01
Dedicated subdomain
yourcompany.getcompound.ai with your own TLS certificate.
- 02
Dedicated infrastructure
Dedicated compute and data stores per customer — single-tenant by default.
- 03
Customer VPC
Run inside your AWS or GCP account. Data stays in your cloud, under your existing IAM, keys, and audit logs.
Security questionnaires, DPA, MSA, and penetration test reports — available on request.
Most firms complete review in under a week.
Compound meets the most rigorous security standards.
Frequently Asked Questions
All data is encrypted using 256-bit AES encryption at rest and in transit. We use industry-standard SSL/TLS protocols for data transmission and ensure end-to-end encryption for all sensitive information.
All customer data is stored in the United States. Our infrastructure is hosted on US-based data centers to ensure data residency compliance.
No. Customers maintain full ownership of all inputs, prompts, and outputs. Your data is never used to train our AI models or shared with third parties.
We are SOC 2 Type II certified and GDPR compliant. We have implemented the technical and organizational measures required for GDPR compliance, including data subject rights, encryption, and data processing agreements. Our security posture is continuously monitored by Vanta to ensure we meet the highest security standards.
Yes. We support custom deployments into your Virtual Private Cloud (VPC) for maximum security and control. This option is available for enterprise customers who require dedicated infrastructure.