Security at SUPA

At SUPA, we are committed to ensuring the highest level of security and data privacy for our customers. We understand that the sensitive nature of our work demands strong protection. As such, we have taken steps to ensure our security measures exceed industry standards. Our security program is designed to safeguard customer data and ensure the confidentiality, integrity, and availability of data across all our systems.

Protection of customer data

Access control

We provision administrative roles and their associated privileges on a ‘least privilege’ and ‘need-to-know’ basis. All stakeholders who interact with data are required to sign a non-disclosure agreement (NDA) to maintain the confidentiality of all data. We maintain an audit trail of all actions on our proprietary image annotation platform for monitoring and accountability.

Customer privacy

We are committed to protecting customer privacy and anonymity. We never disclose the names of our clients to our workforce, and we only permit access to data for annotators who have successfully completed our assessments. Annotators’ access is further limited to prevent access to entire datasets, historical data, or backtracking functions.

Data encryption

All unlabeled and labeled data, metadata and private user information are encrypted at rest using AES-256. We use ISO/IEC 27001 certified AWS cloud storage, which provides server-side encryption using AWS’s default keys. Data is automatically decrypted when accessed by an authorized user. In transit, data is encrypted via Transport Layer Security (TLSv1.2+) between customers and our servers, and via HTTPS and SSH within our internal network. We also support self-hosted assets on the customer’s choice of cloud platform, using signed URLs or delegated access. In addition, we maintain data segmentation to keep each client’s data separate, and we can provide dedicated hosts upon request.

If you have any questions or concerns about our security practices, please do not hesitate to contact us.

How We Comply with the General Data Protection Regulation (“GDPR”)

GDPR is a European privacy law that governs the collection, use, and processing of personal data of EU citizens. We have adopted and implemented core principles of GDPR to ensure the responsible handling of personal data:

  • We process your data transparently, fairly, and lawfully. We provide clear disclosure on how your data is handled, stored and accessed.
  • We only collect data that is essential for our operations, sharing it only with selected third-party services that uphold industry-leading privacy and security standards.
  • We are committed to maintaining the accuracy of your data and provide you with the means to modify or delete your information as per your wishes.
  • We retain your information only for as long as you use our services and promptly delete it upon your request.
  • We use advanced security protocols, including bank-grade encryption, access controls, and authorization controls, to protect your data both in transit and at rest.